Windows Analysis Report
MBSetup.exe

Overview

General Information

Sample name:	MBSetup.exe
Analysis ID:	1427208
MD5:	b6d8b7e6f74196f62caba2ca77a7ae91
SHA1:	6ac9c99f084b5772440e2f135b8d5365f7f45314
SHA256:	74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
Infos:

Detection

Score:	38
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	36
Range:	0 - 100

Signatures

Creates an undocumented autostart registry key

Enables network access during safeboot for specific services

Found direct / indirect Syscall (likely to bypass EDR)

Installs new ROOT certificates

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Registers a service to start in safe boot mode

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains capabilities to detect virtual machines

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

EXE planting / hijacking vulnerabilities found

Enables debug privileges

Enables security privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Classes Autorun Keys Modification

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected PsExec sysinternal tool

Classification

Signatures

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514F7870 BCryptOpenAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptImportKeyPair,BCryptVerifySignature,BCryptDestroyKey,

5_2_00007FF7514F7870

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\MBSetup.exe

EXE: cmd.exe

Jump to behavior

Bitcoin Miner

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Malwarebytes.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION mbam.exe
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION mbamtray.exe

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\MBSetup.exe

EXE: cmd.exe

Jump to behavior

Uses 32bit PE files

Source: MBSetup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\MBSetup.exe

Window detected: Malwarebytes Setup WizardInstall now to clean and protect your computer for good&Install<a>Advanced options</a>By installing or using this product you agree to its <a>End User License Agreement</a> and <a>Privacy Policy</a>.

Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\604834ce-d89f-4e94-a75c-9c4d5b683f67	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\1a8fa819fc8a11ee9711ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\1a8fa81afc8a11ee9c96ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\.version	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.tmf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.tmf

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Source: MBSetup.exe

Static PE information: certificate valid

Source: MBSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\WinR_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_inserr\bin\Win32\Release\inserr.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpn_MBTunInstaller\bin\x64\Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\Win7_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_Elam_Kernel\bin\x64\Win7_Release\MbamElam.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452465973.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452838840.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2446597783.00000264B4284000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B4280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpnTunnel\bin\x64\Release\MBVpnTunnelService.pdb source: MBVpnTunnelService.exe, 00000005.00000000.2282427452.00007FF751687000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb~ source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_7zip_vs2022\7z2301-src\CPP\7zip\Bundles\Format7zF\x64\7z.pdb source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x64\release\mbae64.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Jenkins\workspace\MBAM-Windows\A_MB5_MBSetup\bin\Win32\Release\MBSetup.pdb source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\arm64\setupapihost.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdbS source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: z:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: x:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: v:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: t:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: r:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: p:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: n:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: l:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: j:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: h:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: f:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: b:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: y:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: w:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: u:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: s:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: q:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: o:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: m:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: k:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: i:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: g:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: e:
Source: C:\Windows\System32\svchost.exe	File opened: c:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: a:

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2 FindFirstFileW,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLastError,GetLastError,LoadLibraryW,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751513EC0 FindFirstFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF751513EC0

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to behavior

Software Vulnerabilities

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 353MB

Networking

Enables network access during safeboot for specific services

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: NULL Service

Jump to behavior

Yara detected Generic Downloader

Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll, type: DROPPED

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 34.117.237.239 34.117.237.239
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View	IP Address: 3.163.101.87 3.163.101.87
Source: Joe Sandbox View	IP Address: 23.216.73.151 23.216.73.151

Yara detected PsExec sysinternal tool

Source: Yara match

File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll, type: DROPPED

Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA2.crl0t
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.adr.org/Forms
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.adr.org/Rules
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp, MBSetup.exe, 00000000.00000003.1651236201.0000000002659000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1651265227.000000000265A000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1676201400.000000000283A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/enable-partial-reads
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/no-whitespace-in-element-content
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/no-whitespace-in-element-contenthttp://xml.org/sax/features/validatio
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/properties/bla-activation-threshold
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplification
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.google.com/policies/privacy
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.malwarebytes.com
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.malwarebytes.com/legal
Source: drvinst.exe, 00000008.00000003.2432411808.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000002.2434287955.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.h_
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/string-interning
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/validation
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/
Source: MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/3/N
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/8
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/LPsd
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/bgext8
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/bgextce
Source: MBAMInstallerService.exe, 00000002.00000003.2008357187.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mb.dotnetruntime.win.x64/release
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.ctlr.64bitv5/release#R-
Source: MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.dbcls.64bitv5/release
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release1
Source: MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/q.
Source: MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1901746615.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943161971.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com:443/mbam-c.svc.64bitv5/release
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://aws.amazon.com/compliance/
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://block.malwarebytes.com
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://block.malwarebytes.comallowlistsbgCloudTimeoutblocklistsblockpagebrowserOnlyProtectiondomain
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://br.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdn.cookielaw.org/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/slick-carousel
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/
Source: MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca40/51
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.bgext.32bit/d/6/9/0/d69098824cb3f15eba951cc1848bcc85/11feade3
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.ctlr.64bitv5/9/e/f/5/9ef598bb4c2426f4b31baebf99fce838/e8691b7
Source: MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.dbcls.64bitv5/7/0/3/c/703c717289fea89d7b39642c7b8bc66e/8a445d
Source: MBSetup.exe, 00000000.00000003.2444345366.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102f6bc
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.sevenzip.32bit/0/e/8/7/0e872772dae952c6da648cb5914b4304/91bef
Source: MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.svc.64bitv5/9/2/7/d/927d42fa5b00a0bda8e9604e74f25979/0b804105
Source: MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com:443/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca4
Source: MBSetup.exe, 00000000.00000003.2444931439.0000000004C67000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844874753.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844715993.0000000004C64000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1843077591.0000000004C64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com:443/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.css
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.css
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.min.js
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://de.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://es.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fr.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://it.malwarebytes.com/privacy/
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.com
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://links.malwarebytes.com/link/uninstalled?days_since_install=launching
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://links.malwarebytes.com/support/mb/windows/security-other-avhttps://links.malwarebytes.com/su
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.comYI
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.comfi
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://links.malwarebytes.comnohttps://subscribe-staging.mwbsys.comacctOwnerFirstNameacctOwnerLastN
Source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://malwarebytes.com/support
Source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://malwarebytes.com/supportstring
Source: MBAMService.exe, 00000009.00000003.2452838840.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B427B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://msdn.micros
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nl.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pl.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://preferences-mgr.truste.com/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pt.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://ru.malwarebytes.com/privacy/
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp, MBAMService.exe, 0000000A.00000003.2468740901.000002160A797000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://subscribe-staging.mwbsys.com
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.malwarebytes.com/hc/en-us/articles/360039142934-Installation-troubleshooting-for-Mal
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/policies/privacy
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.jamsadr.com/eu-us-privacy-shield.
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/eula/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/eula/services-agreement/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/mb-logo-2.png
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/share/Malwarebytes-homepage-share.jpg
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/uploads/2020/07/30233020/EULA_Chart-2.png
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/js/mess.js
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/legal/privacy-policyopenhttps://www.malwarebytes.com/eula/MBAM-Crelease
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/support/lifecycle/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.privacyshield.gov/list
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wireguard.com/D
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wireguard.net/D
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.youronlinechoices.eu/

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.cat	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.cat (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA714.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\starfieldrootcag2_new.cer	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBUpdate.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\starfieldrootcag2_new.crt	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514F7870 BCryptOpenAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptImportKeyPair,BCryptVerifySignature,BCryptDestroyKey,

5_2_00007FF7514F7870

System Summary

Creates driver files

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File created: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys

Jump to behavior

Creates files inside the driver directory

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF

Creates files inside the system directory

Source: C:\Users\user\Desktop\MBSetup.exe	File created: C:\Windows\SysWOW64\drivers\mbamtestfile.dat	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_268e58b44338d192\wnetvsc.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\rt640x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\MbamElam.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\mbamswissarmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\MbamChameleon.sys
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Deletes files inside the Windows folder

Source: C:\Users\user\Desktop\MBSetup.exe

File deleted: C:\Windows\SysWOW64\drivers\mbamtestfile.dat

Jump to behavior

Detected potential crypto function

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75165DAF4	5_2_00007FF75165DAF4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F5210	5_2_00007FF7514F5210
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F21B0	5_2_00007FF7514F21B0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2	5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514FABC0	5_2_00007FF7514FABC0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F9E00	5_2_00007FF7514F9E00
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F0070	5_2_00007FF7514F0070
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B5860	5_2_00007FF7514B5860
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C0AE0	5_2_00007FF7514C0AE0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751665468	5_2_00007FF751665468
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C5440	5_2_00007FF7514C5440
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751556C30	5_2_00007FF751556C30
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751661B5C	5_2_00007FF751661B5C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514CF3C0	5_2_00007FF7514CF3C0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C03B7	5_2_00007FF7514C03B7
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B8E30	5_2_00007FF7514B8E30
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514CF640	5_2_00007FF7514CF640
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C3560	5_2_00007FF7514C3560
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75165E5D8	5_2_00007FF75165E5D8
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B2090	5_2_00007FF7514B2090
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751662838	5_2_00007FF751662838
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D08E0	5_2_00007FF7514D08E0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75164BF78	5_2_00007FF75164BF78
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163D7B0	5_2_00007FF75163D7B0

Enables security privileges

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Process token adjusted: Security

Jump to behavior

Found potential string decryption / allocating functions

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: String function: 00007FF7514B3570 appears 99 times
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: String function: 00007FF7514B3630 appears 49 times

PE file contains executable resources (Code or Archives)

Source: MBSetup.exe	Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: BINARY type: 7-zip archive data, version 0.4
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: RESOURCEFILE type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: RESOURCEFILE type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

PE file does not import any functions

Source: api-ms-win-core-heap-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: System.Xml.XPath.XDocument.dll.2.dr	Static PE information: No import functions for PE file found
Source: System.Web.HttpUtility.dll.2.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: MBSetup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus38.troj.evad.winEXE@37/761@0/25

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF751506470 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,

5_2_00007FF751506470

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Program Files (x86)\mbamtestfile.dat

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File created: C:\Users\Public\Desktop\Malwarebytes.lnk

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Mutant created: \Sessions\1\BaseNamedObjects\MalwarebytesDbIntegrityMonitor
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\MBSetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_Desktop_MBSetup.exe
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7932:120:WilError_03

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Source: MBSetup.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MBVpnTunnelService.exe	String found in binary or memory: /installmbtun
Source: MBVpnTunnelService.exe	String found in binary or memory: /installmbtunlegacy

Source: unknown	Process created: C:\Users\user\Desktop\MBSetup.exe "C:\Users\user\Desktop\MBSetup.exe"
Source: unknown	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000168" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
Source: unknown	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Source: C:\Users\user\Desktop\MBSetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a919bd-c3c7-4ef4-a914-d79422c03b0c} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b7a26d310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5272 -prefMapHandle 5244 -prefsLen 33043 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eae8c4e-3b3b-4929-bb0e-9deade986469} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b126ed110 utility
Source: C:\Users\user\Desktop\MBSetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000168" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a919bd-c3c7-4ef4-a914-d79422c03b0c} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b7a26d310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5272 -prefMapHandle 5244 -prefsLen 33043 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eae8c4e-3b3b-4929-bb0e-9deade986469} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b126ed110 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dsreg.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: lpk.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: mpr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: sfc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: version.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: authz.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: msi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: devobj.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: spinf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: mpr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: powrprof.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: userenv.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: sfc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: version.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: authz.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: spinf.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: icu.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dwrite.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wldp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: profapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: sxs.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wlanapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winnsi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wscapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wshunix.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winrnr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: nlaapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wshbth.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: devobj.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: pnrpnsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: napinsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: schannel.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll

Source: C:\Users\user\Desktop\MBSetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\MBSetup.exe

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\604834ce-d89f-4e94-a75c-9c4d5b683f67	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\1a8fa819fc8a11ee9711ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\1a8fa81afc8a11ee9c96ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\.version	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.tmf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.tmf

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1

Jump to behavior

Source: MBSetup.exe

Static PE information: certificate valid

Source: MBSetup.exe

Static file information: File size 2589624 > 1048576

Source: MBSetup.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x179200

Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: MBSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: MBSetup.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\WinR_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_inserr\bin\Win32\Release\inserr.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpn_MBTunInstaller\bin\x64\Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\Win7_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_Elam_Kernel\bin\x64\Win7_Release\MbamElam.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452465973.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452838840.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2446597783.00000264B4284000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B4280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpnTunnel\bin\x64\Release\MBVpnTunnelService.pdb source: MBVpnTunnelService.exe, 00000005.00000000.2282427452.00007FF751687000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb~ source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_7zip_vs2022\7z2301-src\CPP\7zip\Bundles\Format7zF\x64\7z.pdb source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x64\release\mbae64.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Jenkins\workspace\MBAM-Windows\A_MB5_MBSetup\bin\Win32\Release\MBSetup.pdb source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\arm64\setupapihost.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdbS source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp

Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Binary contains a suspicious time stamp

Source: System.Web.dll.2.dr

Static PE information: 0xA8C18CA1 [Sat Sep 20 04:12:17 2059 UTC]

PE file contains sections with non-standard names

Source: MBAMInstallerService.exe.0.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514BA592 push rbp; iretd	5_2_00007FF7514BA59B
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D205D push rbp; iretd	5_2_00007FF7514D205E
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D1F4D push rbp; iretd	5_2_00007FF7514D1F4E

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob

Drops PE files

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Services.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MBSetup.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnelService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Services.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnelService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamChameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\mbamswissarmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt NULL
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt NULL

Registers a service to start in safe boot mode

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService NULL

Jump to behavior

Creates or modifies windows services

Source: C:\Users\user\Desktop\MBSetup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters

Jump to behavior

Modifies existing windows services

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163D7B0 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

5_2_00007FF75163D7B0

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\MBSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Memory allocated: 295EEAB0000 memory reserve | memory write watch

Contains capabilities to detect virtual machines

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion

Contains long sleeps (>= 3 min)

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 240000
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239656
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239297
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 238953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235781
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235438
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234501
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234162
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233815
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233335
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233006
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232648
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232285
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231927
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231573
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231239
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 230892

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\MBSetup.exe	Window / User API: threadDelayed 2669	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Window / User API: threadDelayed 7147	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 1522
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 2182
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 807
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 3984

Found dropped PE file which has not been started or loaded

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\MbamChameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\mbamswissarmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file

Is looking for software installed on the system

Source: C:\Users\user\Desktop\MBSetup.exe

Registry key enumerated: More than 232 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\MBSetup.exe TID: 7296	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe TID: 7384	Thread sleep time: -2669000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe TID: 7384	Thread sleep time: -7147000s >= -30000s	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe TID: 7580	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe TID: 2016	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -240000s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -239656s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -239297s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -238953s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -235781s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -235438s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -234501s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -234162s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233815s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129953s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129752s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233335s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129419s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233006s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129056s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -232648s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128694s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -232285s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128352s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231927s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128005s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231573s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -127652s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231239s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -127309s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -230892s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -99388s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -126099s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -59718s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -59252s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58893s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58524s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58191s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57822s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57489s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57073s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56740s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56371s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56039s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -55669s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -55321s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54967s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54619s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54281s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53942s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53579s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53240s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -52876s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -52537s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4556	Thread sleep time: -30000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\MBSetup.exe

File Volume queried: C:\ProgramData FullSizeInformation

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2 FindFirstFileW,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLastError,GetLastError,LoadLibraryW,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751513EC0 FindFirstFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF751513EC0

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 240000
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239656
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239297
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 238953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235781
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235438
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234501
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234162
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233815
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129752
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233335
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129419
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233006
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129056
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232648
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128694
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232285
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128352
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231927
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128005
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231573
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 127652
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231239
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 127309
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 230892
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 99388
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 126099
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 59718
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 59252
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58893
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58524
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58191
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57822
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57489
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57073
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56740
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56371
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56039
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 55669
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 55321
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54967
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54619
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54281
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53942
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53579
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53240
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 52876
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 52537

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to behavior

Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v vpn network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Network Adapter Installation Disk #11
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network Adapter3
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V CDMA MBB Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2313220263.0000018752E05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtu[
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapter`'%netvsc_eth.devicedesc%
Source: MBVpnTunnelService.exe, 00000005.00000003.2352947313.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2311905039.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2405612269.0000018752E10000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2381364351.0000018752E0A000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2316291593.0000018752E09000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2439008472.0000018752E12000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355139484.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2361233708.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2337587654.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2317016164.0000018752E10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtu
Source: MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: ??VMwareVMwareVBoxVBoxVBoxXenVMMXenVMMKVMKVMKVMParallels Hv lrpepyh vrbhyve bhyveXenVMwareVRTUALReading the machine id from the registry key.MachineIDD:\Jenkins\workspace\N_MBCommon-vs2022\src\mbcommon\MachineId.cppmb::common::system::MachineId::GetMachineGuidInternalSOFTWARE\Malwarebytes\idSuccessfully read the machine id from the registry key.The machine id registry key does not exist, creating the key and writing the uuid.Unable to save to the machine id registry key.Software\Microsoft\CryptographyMachineGuidHardware\Description\SystemSystemBiosVersionSystemBiosDate\|Unable to retrieve the disk serial number. Using alternative value.mb::common::system::MachineId::GetHostMachineId3%02X:%02X:%02X:%02X:%02X:%02XROOT\CIMV2SELECT Index, MACAddress, Name FROM Win32_NetworkAdapter where AdapterTypeId=0WQLIndexMACAddressNameSELECT UUID FROM Win32_ComputerSystemProductUUIDSELECT SerialNumber FROM Win32_BIOSSerialNumberSELECT processorID FROM win32_processorprocessorIDError %lu calling GetSystemDirectorymb::common::system::MachineId::GetDiskSignatureInternal\\?\%sError %lu calling wsplitpath_sError %lu from CreateFileError %lu calling DeviceIoControlSELECT Signature FROM Win32_DiskDrive WHERE Index=%uSignature%uError %lu calling CoInitializeSecurity hr=0x%08Xmb::common::system::MachineId::GetMemorySerialNumbersInternalError %lu calling CoCreateInstance hr=0x%08XError %lu calling ConnectServer hr=0x%08XError %lu calling CoSetProxyBlanket hr=0x%08XSELECT serialNumber FROM Win32_PhysicalMemoryError %lu calling ExecQuery hr=0x%08XserialNumberError %lu calling Get hr=0x%08XError %lu calling StringCchCopy hr=0x%08Xmb::common::system::MachineId::GetDiskSerialNumberInternalSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%uError: exception in StringCchCopyAMySafeStringCchCopyAError: NULL buffermb::common::system::MachineId::GetDiskSerialNumberInternal2Calling CreateFileW with path (%ls).Error %lu calling CreateFileWError %lu calling DeviceIoControl to get buffer size.Error: zero size descriptorError %lu calling DeviceIoControl to get buffer.DeviceIoControl didn't return a serial number.Error: NULL serial numberNull reg utilsmb::common::system::MachineId::RegKeyExistsmb::common::system::MachineId::WriteDatamb::common::system::MachineId::GetValueString
Source: MBVpnTunnelService.exe, 00000005.00000003.2301571546.0000018752876000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 Hyper-V VF
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v wifi network adapterc
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v network adapterLA
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v gsm mbb network adapter
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1674570638.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008357187.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C42000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Ethernet Network Adapter2
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Emulex OCl11102R-F-L Virtual Fabric Adapter 2-port 10Gb LOM\|qemulex ocl11102r-f-l virtual fabric adapter 2-port 10gb lom$
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V GSM MBB Network Adapter$
Source: MBVpnTunnelService.exe, 00000005.00000003.2439008472.0000018752E22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: {vmnetextensionsystem32\drivers\wfplwfs.sys,-6001g
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Ethernet Network Adapter -
Source: MBVpnTunnelService.exe, 00000005.00000003.2323844843.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtuY
Source: MBVpnTunnelService.exe, 00000005.00000003.2288327575.0000018752D41000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2289037292.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2287787400.000001875288B000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2288856939.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qemulex ocl11102-f6-x virtual fabric adapter 2-port 10gb lomL
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 'Hyper-V Network Adapter Name
Source: MBVpnTunnelService.exe, 00000005.00000003.2301571546.0000018752876000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 non Hyper-V VF
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V CDMA MBB Network Adapter(
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V GSM MBB Network Adapterl#netvsc_mbb_cdma.DeviceDesc_D
Source: MBAMService.exe, 00000009.00000003.2452465973.00000264B426B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: MBVpnTunnelService.exe, 00000005.00000003.2439378727.000001875280B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll11
Source: MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapterX
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapter1\+%netvsc_mbb_cdma.devicedesc%
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: xustring too long{ADC340ED-D55E-4E83-92AB-E57BEE7DD6F8}VMwareVMwareVBoxVBoxVBoxXenVMMXenVMMKVMKVMKVMParallels Hv lrpepyh vrbhyve bhyveXenVMwareVRTUALSOFTWARE\MalwarebytesidSoftware\Microsoft\CryptographyMachineGuidHardware\Description\SystemSystemBiosVersionSystemBiosDate\|ROOT\CIMV2WQLSELECT UUID FROM Win32_ComputerSystemProductUUIDSELECT SerialNumber FROM Win32_BIOSSerialNumberSELECT processorID FROM win32_processorprocessorID\\?\%sSELECT Signature FROM Win32_DiskDrive WHERE Index=%uSignature%uSELECT serialNumber FROM Win32_PhysicalMemoryserialNumberSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%uinvalid string positionvector<T> too long0123456789abcdef
Source: MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network AdapterX
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v gsm mbb network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2288327575.0000018752D41000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2289037292.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2287787400.000001875288B000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2288856939.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Qemulex oneconnect oce11101-i, nic
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v wifi network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2419176498.00000187528A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionptra se 3455 plus ps3n
Source: MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: VMwareVMware
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V VPN Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapterl
Source: MBVpnTunnelService.exe, 00000005.00000003.2290240136.0000018752D8F000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2293819782.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2300563965.0000018752DA0000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2302945645.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2297641102.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2303194226.00000187531F1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2318459287.0000018753200000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2307436225.0000018753200000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2290931068.0000018752D90000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2294324761.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Emulex OCl11102R-F-L Virtual Fabric Adapter 2-port 10Gb LOM\|qemulex ocl11102r-f-l virtual fabric adapter 2-port 10gb lom
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapter
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: VMwareVMwareXenVMMXenVMMVBoxVBoxVBoxParallels HvKVMKVMKVMbhyve bhyve lrpepyh vrVMwareXenReading the machine id from the registry key.VRTUALD:\Jenkins\workspace\N_MBCommon-vs2022\src\mbcommon\MachineId.cppMachineIDSOFTWARE\Malwarebytes\mb::common::system::MachineId::GetMachineGuidInternalSuccessfully read the machine id from the registry key.idUnable to save to the machine id registry key.The machine id registry key does not exist, creating the key and writing the uuid.MachineGuidSoftware\Microsoft\CryptographySystemBiosVersionHardware\Description\SystemSystemBiosDatemb::common::system::MachineId::GetHostMachineId3Unable to retrieve the disk serial number. Using alternative value.ROOT\CIMV2%02X:%02X:%02X:%02X:%02X:%02XWQLSELECT Index, MACAddress, Name FROM Win32_NetworkAdapter where AdapterTypeId=0MACAddressIndexNameUUIDSELECT UUID FROM Win32_ComputerSystemProductSerialNumberSELECT SerialNumber FROM Win32_BIOSprocessorIDSELECT processorID FROM win32_processormb::common::system::MachineId::GetDiskSignatureInternalError %lu calling GetSystemDirectoryError %lu calling wsplitpath_s\\?\%sError %lu calling DeviceIoControlError %lu from CreateFileSignatureSELECT Signature FROM Win32_DiskDrive WHERE Index=%umb::common::system::MachineId::GetMemorySerialNumbersInternalError %lu calling CoInitializeSecurity hr=0x%08XError %lu calling ConnectServer hr=0x%08XError %lu calling CoCreateInstance hr=0x%08XSELECT serialNumber FROM Win32_PhysicalMemoryError %lu calling CoSetProxyBlanket hr=0x%08XserialNumberError %lu calling ExecQuery hr=0x%08XError %lu calling StringCchCopy hr=0x%08XError %lu calling Get hr=0x%08XSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%umb::common::system::MachineId::GetDiskSerialNumberInternalMySafeStringCchCopyAError: exception in StringCchCopyAmb::common::system::MachineId::GetDiskSerialNumberInternal2Error: NULL bufferError %lu calling CreateFileWCalling CreateFileW with path (%ls).Error: zero size descriptorError %lu calling DeviceIoControl to get buffer size.Error %lu calling DeviceIoControl to get buffer.Error: NULL serial numberDeviceIoControl didn't return a serial number.mb::common::system::MachineId::RegKeyExistsNull reg utilsmb::common::system::MachineId::GetValueStringmb::common::system::MachineId::WriteData0123456789abcdef
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2419176498.00000187528C2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionpn\Policies\System\NoConnec}
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn6
Source: MBVpnTunnelService.exe, 00000005.00000003.2319031374.0000018752E10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtut

Source: C:\Users\user\Desktop\MBSetup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163F2C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_00007FF75163F2C4

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163F630 GetLastError,IsDebuggerPresent,OutputDebugStringW,

5_2_00007FF75163F630

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514C026D GetProcessHeap,HeapAlloc,Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock,GetLastError,GetLastError,Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock,

5_2_00007FF7514C026D

Enables debug privileges

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process token adjusted: Debug
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process token adjusted: Debug

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163F2C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF75163F2C4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163ECC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF75163ECC4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7516495A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF7516495A8

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	NtQueryDirectoryFile: Indirect: 0x7FFDF7C2A52F
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	NtQueryDirectoryFile: Indirect: 0x7FFDF9E86545

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"

Language, Device and Operating System Detection

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,	5_2_00007FF75166FC4C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_00007FF7516704A4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_00007FF751670680
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: try_get_function,GetLocaleInfoW,	5_2_00007FF75166862C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF751670068
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF75166805C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF75166FF98

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.cat VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514C46A0 GetLastError,_Init_thread_footer,_Init_thread_footer,Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock,CreateThreadpool,GetLastError,CreateThreadpoolCleanupGroup,GetLastError,SetThreadpoolThreadMinimum,SetThreadpoolThreadMaximum,WaitForSingleObject,CreateNamedPipeW,GetLastError,WaitForSingleObject,CloseHandle,GetLastError,CreateThreadpoolWork,GetLastError,CloseHandle,SubmitThreadpoolWork,CloseThreadpoolWork,CloseThreadpoolCleanupGroupMembers,CloseThreadpoolCleanupGroup,CloseThreadpool,_invalid_parameter_noinfo_noreturn,

5_2_00007FF7514C46A0

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514CC220 _invalid_parameter_noinfo_noreturn,GetLocalTime,GetTickCount,GetCurrentThreadId,

5_2_00007FF7514CC220

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514CF3C0 GetModuleHandleW,GetProcAddress,GetVersionExW,NetWkstaGetInfo,NetApiBufferFree,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,VerSetConditionMask,VerifyVersionInfoW,

5_2_00007FF7514CF3C0

Source: C:\Users\user\Desktop\MBSetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: MBVpnTunnelService.exe, 00000005.00000003.2399420733.000001875325D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2400514237.000001875325E000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2399815000.000001875325D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2401914948.0000018753268000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2402150638.000001875326C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PGSETUP.EXE
Source: MBVpnTunnelService.exe, 00000005.00000003.2399420733.000001875325D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Remote Access Functionality

Yara detected PsExec sysinternal tool

Source: Yara match

File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll, type: DROPPED

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.161.136.22	unknown	United States	16509	AMAZON-02US	false
44.199.68.15	unknown	United States	14618	AMAZON-AESUS	false
34.117.237.239	unknown	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
52.10.78.57	unknown	United States	16509	AMAZON-02US	false
34.117.188.166	unknown	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
35.82.157.101	unknown	United States	237	MERIT-AS-14US	false
3.163.101.87	unknown	United States	16509	AMAZON-02US	false
3.233.23.101	unknown	United States	14618	AMAZON-AESUS	false
23.216.73.151	unknown	United States	20940	AKAMAI-ASN1EU	false
34.234.125.19	unknown	United States	14618	AMAZON-AESUS	false
34.120.208.123	unknown	United States	15169	GOOGLEUS	false
45.83.223.233	unknown	Sweden	39351	ESAB-ASSE	false
23.20.67.183	unknown	United States	14618	AMAZON-AESUS	false
34.149.100.209	unknown	United States	2686	ATGS-MMD-ASUS	false
34.107.243.93	unknown	United States	15169	GOOGLEUS	false
3.161.136.57	unknown	United States	16509	AMAZON-02US	false
3.161.136.79	unknown	United States	16509	AMAZON-02US	false
34.107.221.82	unknown	United States	15169	GOOGLEUS	false
52.25.6.244	unknown	United States	16509	AMAZON-02US	false
35.244.181.201	unknown	United States	15169	GOOGLEUS	false
44.234.138.74	unknown	United States	16509	AMAZON-02US	false
34.231.228.179	unknown	United States	14618	AMAZON-AESUS	false
34.160.144.191	unknown	United States	2686	ATGS-MMD-ASUS	false
35.82.208.123	unknown	United States	237	MERIT-AS-14US	false

Private

IP
127.0.0.1

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514F7870 BCryptOpenAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptImportKeyPair,BCryptVerifySignature,BCryptDestroyKey,

5_2_00007FF7514F7870

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\MBSetup.exe

EXE: cmd.exe

Jump to behavior

Bitcoin Miner

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Malwarebytes.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION mbam.exe
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION mbamtray.exe

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\MBSetup.exe

EXE: cmd.exe

Jump to behavior

Uses 32bit PE files

Source: MBSetup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\MBSetup.exe

Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\604834ce-d89f-4e94-a75c-9c4d5b683f67	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\1a8fa819fc8a11ee9711ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\1a8fa81afc8a11ee9c96ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\.version	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.tmf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.tmf

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Source: MBSetup.exe

Static PE information: certificate valid

Source: MBSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\WinR_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_inserr\bin\Win32\Release\inserr.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpn_MBTunInstaller\bin\x64\Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\Win7_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_Elam_Kernel\bin\x64\Win7_Release\MbamElam.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452465973.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452838840.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2446597783.00000264B4284000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B4280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpnTunnel\bin\x64\Release\MBVpnTunnelService.pdb source: MBVpnTunnelService.exe, 00000005.00000000.2282427452.00007FF751687000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb~ source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_7zip_vs2022\7z2301-src\CPP\7zip\Bundles\Format7zF\x64\7z.pdb source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x64\release\mbae64.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Jenkins\workspace\MBAM-Windows\A_MB5_MBSetup\bin\Win32\Release\MBSetup.pdb source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\arm64\setupapihost.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdbS source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: z:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: x:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: v:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: t:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: r:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: p:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: n:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: l:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: j:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: h:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: f:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: b:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: y:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: w:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: u:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: s:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: q:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: o:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: m:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: k:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: i:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: g:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: e:
Source: C:\Windows\System32\svchost.exe	File opened: c:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: a:

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2 FindFirstFileW,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLastError,GetLastError,LoadLibraryW,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751513EC0 FindFirstFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF751513EC0

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to behavior

Software Vulnerabilities

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 353MB

Networking

Enables network access during safeboot for specific services

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: NULL Service

Jump to behavior

Yara detected Generic Downloader

Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll, type: DROPPED

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 34.117.237.239 34.117.237.239
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View	IP Address: 3.163.101.87 3.163.101.87
Source: Joe Sandbox View	IP Address: 23.216.73.151 23.216.73.151

Yara detected PsExec sysinternal tool

Source: Yara match

File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll, type: DROPPED

Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA2.crl0t
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.adr.org/Forms
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.adr.org/Rules
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp, MBSetup.exe, 00000000.00000003.1651236201.0000000002659000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1651265227.000000000265A000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1676201400.000000000283A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/enable-partial-reads
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/no-whitespace-in-element-content
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/no-whitespace-in-element-contenthttp://xml.org/sax/features/validatio
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/properties/bla-activation-threshold
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplification
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.google.com/policies/privacy
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.malwarebytes.com
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.malwarebytes.com/legal
Source: drvinst.exe, 00000008.00000003.2432411808.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000002.2434287955.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.h_
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/string-interning
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/validation
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/
Source: MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/3/N
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/8
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/LPsd
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/bgext8
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/bgextce
Source: MBAMInstallerService.exe, 00000002.00000003.2008357187.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mb.dotnetruntime.win.x64/release
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.ctlr.64bitv5/release#R-
Source: MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.dbcls.64bitv5/release
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release1
Source: MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/q.
Source: MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1901746615.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943161971.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com:443/mbam-c.svc.64bitv5/release
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://aws.amazon.com/compliance/
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://block.malwarebytes.com
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://block.malwarebytes.comallowlistsbgCloudTimeoutblocklistsblockpagebrowserOnlyProtectiondomain
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://br.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdn.cookielaw.org/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/slick-carousel
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/
Source: MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca40/51
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.bgext.32bit/d/6/9/0/d69098824cb3f15eba951cc1848bcc85/11feade3
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.ctlr.64bitv5/9/e/f/5/9ef598bb4c2426f4b31baebf99fce838/e8691b7
Source: MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.dbcls.64bitv5/7/0/3/c/703c717289fea89d7b39642c7b8bc66e/8a445d
Source: MBSetup.exe, 00000000.00000003.2444345366.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102f6bc
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.sevenzip.32bit/0/e/8/7/0e872772dae952c6da648cb5914b4304/91bef
Source: MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.svc.64bitv5/9/2/7/d/927d42fa5b00a0bda8e9604e74f25979/0b804105
Source: MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com:443/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca4
Source: MBSetup.exe, 00000000.00000003.2444931439.0000000004C67000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844874753.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844715993.0000000004C64000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1843077591.0000000004C64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com:443/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.css
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.css
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.min.js
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://de.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://es.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fr.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://it.malwarebytes.com/privacy/
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.com
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://links.malwarebytes.com/link/uninstalled?days_since_install=launching
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://links.malwarebytes.com/support/mb/windows/security-other-avhttps://links.malwarebytes.com/su
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.comYI
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.comfi
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://links.malwarebytes.comnohttps://subscribe-staging.mwbsys.comacctOwnerFirstNameacctOwnerLastN
Source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://malwarebytes.com/support
Source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://malwarebytes.com/supportstring
Source: MBAMService.exe, 00000009.00000003.2452838840.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B427B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://msdn.micros
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nl.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pl.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://preferences-mgr.truste.com/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pt.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://ru.malwarebytes.com/privacy/
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp, MBAMService.exe, 0000000A.00000003.2468740901.000002160A797000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://subscribe-staging.mwbsys.com
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.malwarebytes.com/hc/en-us/articles/360039142934-Installation-troubleshooting-for-Mal
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/policies/privacy
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.jamsadr.com/eu-us-privacy-shield.
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/eula/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/eula/services-agreement/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/mb-logo-2.png
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/share/Malwarebytes-homepage-share.jpg
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/uploads/2020/07/30233020/EULA_Chart-2.png
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/js/mess.js
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/legal/privacy-policyopenhttps://www.malwarebytes.com/eula/MBAM-Crelease
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/support/lifecycle/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.privacyshield.gov/list
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wireguard.com/D
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wireguard.net/D
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.youronlinechoices.eu/

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.cat	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.cat (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA714.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\starfieldrootcag2_new.cer	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBUpdate.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\starfieldrootcag2_new.crt	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514F7870 BCryptOpenAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptImportKeyPair,BCryptVerifySignature,BCryptDestroyKey,

5_2_00007FF7514F7870

System Summary

Creates driver files

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File created: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys

Jump to behavior

Creates files inside the driver directory

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF

Creates files inside the system directory

Source: C:\Users\user\Desktop\MBSetup.exe	File created: C:\Windows\SysWOW64\drivers\mbamtestfile.dat	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_268e58b44338d192\wnetvsc.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\rt640x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\MbamElam.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\mbamswissarmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\MbamChameleon.sys
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Deletes files inside the Windows folder

Source: C:\Users\user\Desktop\MBSetup.exe

File deleted: C:\Windows\SysWOW64\drivers\mbamtestfile.dat

Jump to behavior

Detected potential crypto function

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75165DAF4	5_2_00007FF75165DAF4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F5210	5_2_00007FF7514F5210
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F21B0	5_2_00007FF7514F21B0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2	5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514FABC0	5_2_00007FF7514FABC0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F9E00	5_2_00007FF7514F9E00
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F0070	5_2_00007FF7514F0070
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B5860	5_2_00007FF7514B5860
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C0AE0	5_2_00007FF7514C0AE0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751665468	5_2_00007FF751665468
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C5440	5_2_00007FF7514C5440
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751556C30	5_2_00007FF751556C30
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751661B5C	5_2_00007FF751661B5C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514CF3C0	5_2_00007FF7514CF3C0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C03B7	5_2_00007FF7514C03B7
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B8E30	5_2_00007FF7514B8E30
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514CF640	5_2_00007FF7514CF640
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C3560	5_2_00007FF7514C3560
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75165E5D8	5_2_00007FF75165E5D8
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B2090	5_2_00007FF7514B2090
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751662838	5_2_00007FF751662838
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D08E0	5_2_00007FF7514D08E0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75164BF78	5_2_00007FF75164BF78
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163D7B0	5_2_00007FF75163D7B0

Enables security privileges

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Process token adjusted: Security

Jump to behavior

Found potential string decryption / allocating functions

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: String function: 00007FF7514B3570 appears 99 times
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: String function: 00007FF7514B3630 appears 49 times

PE file contains executable resources (Code or Archives)

Source: MBSetup.exe	Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: BINARY type: 7-zip archive data, version 0.4
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: RESOURCEFILE type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: RESOURCEFILE type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

PE file does not import any functions

Source: api-ms-win-core-heap-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: System.Xml.XPath.XDocument.dll.2.dr	Static PE information: No import functions for PE file found
Source: System.Web.HttpUtility.dll.2.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: MBSetup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus38.troj.evad.winEXE@37/761@0/25

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF751506470 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,

5_2_00007FF751506470

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Program Files (x86)\mbamtestfile.dat

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File created: C:\Users\Public\Desktop\Malwarebytes.lnk

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Mutant created: \Sessions\1\BaseNamedObjects\MalwarebytesDbIntegrityMonitor
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\MBSetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_Desktop_MBSetup.exe
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7932:120:WilError_03

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Source: MBSetup.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MBVpnTunnelService.exe	String found in binary or memory: /installmbtun
Source: MBVpnTunnelService.exe	String found in binary or memory: /installmbtunlegacy

Source: unknown	Process created: C:\Users\user\Desktop\MBSetup.exe "C:\Users\user\Desktop\MBSetup.exe"
Source: unknown	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000168" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
Source: unknown	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Source: C:\Users\user\Desktop\MBSetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a919bd-c3c7-4ef4-a914-d79422c03b0c} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b7a26d310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5272 -prefMapHandle 5244 -prefsLen 33043 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eae8c4e-3b3b-4929-bb0e-9deade986469} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b126ed110 utility
Source: C:\Users\user\Desktop\MBSetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000168" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a919bd-c3c7-4ef4-a914-d79422c03b0c} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b7a26d310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5272 -prefMapHandle 5244 -prefsLen 33043 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eae8c4e-3b3b-4929-bb0e-9deade986469} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b126ed110 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dsreg.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: lpk.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: mpr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: sfc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: version.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: authz.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: msi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: devobj.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: spinf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: mpr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: powrprof.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: userenv.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: sfc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: version.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: authz.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: spinf.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: icu.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dwrite.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wldp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: profapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: sxs.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wlanapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winnsi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wscapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wshunix.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winrnr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: nlaapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wshbth.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: devobj.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: pnrpnsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: napinsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: schannel.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll

Source: C:\Users\user\Desktop\MBSetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\MBSetup.exe

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\604834ce-d89f-4e94-a75c-9c4d5b683f67	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\1a8fa819fc8a11ee9711ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\1a8fa81afc8a11ee9c96ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\.version	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.tmf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.tmf

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1

Jump to behavior

Source: MBSetup.exe

Static PE information: certificate valid

Source: MBSetup.exe

Static file information: File size 2589624 > 1048576

Source: MBSetup.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x179200

Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: MBSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: MBSetup.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\WinR_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_inserr\bin\Win32\Release\inserr.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpn_MBTunInstaller\bin\x64\Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\Win7_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_Elam_Kernel\bin\x64\Win7_Release\MbamElam.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452465973.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452838840.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2446597783.00000264B4284000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B4280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpnTunnel\bin\x64\Release\MBVpnTunnelService.pdb source: MBVpnTunnelService.exe, 00000005.00000000.2282427452.00007FF751687000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb~ source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_7zip_vs2022\7z2301-src\CPP\7zip\Bundles\Format7zF\x64\7z.pdb source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x64\release\mbae64.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Jenkins\workspace\MBAM-Windows\A_MB5_MBSetup\bin\Win32\Release\MBSetup.pdb source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\arm64\setupapihost.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdbS source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp

Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Binary contains a suspicious time stamp

Source: System.Web.dll.2.dr

Static PE information: 0xA8C18CA1 [Sat Sep 20 04:12:17 2059 UTC]

PE file contains sections with non-standard names

Source: MBAMInstallerService.exe.0.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514BA592 push rbp; iretd	5_2_00007FF7514BA59B
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D205D push rbp; iretd	5_2_00007FF7514D205E
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D1F4D push rbp; iretd	5_2_00007FF7514D1F4E

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob

Drops PE files

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Services.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MBSetup.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnelService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Services.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnelService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamChameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\mbamswissarmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt NULL
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt NULL

Registers a service to start in safe boot mode

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService NULL

Jump to behavior

Creates or modifies windows services

Source: C:\Users\user\Desktop\MBSetup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters

Jump to behavior

Modifies existing windows services

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

5_2_00007FF75163D7B0

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\MBSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Memory allocated: 295EEAB0000 memory reserve | memory write watch

Contains capabilities to detect virtual machines

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion

Contains long sleeps (>= 3 min)

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 240000
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239656
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239297
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 238953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235781
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235438
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234501
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234162
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233815
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233335
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233006
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232648
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232285
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231927
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231573
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231239
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 230892

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\MBSetup.exe	Window / User API: threadDelayed 2669	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Window / User API: threadDelayed 7147	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 1522
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 2182
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 807
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 3984

Found dropped PE file which has not been started or loaded

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\MbamChameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\mbamswissarmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file

Is looking for software installed on the system

Source: C:\Users\user\Desktop\MBSetup.exe

Registry key enumerated: More than 232 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\MBSetup.exe TID: 7296	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe TID: 7384	Thread sleep time: -2669000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe TID: 7384	Thread sleep time: -7147000s >= -30000s	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe TID: 7580	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe TID: 2016	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -240000s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -239656s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -239297s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -238953s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -235781s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -235438s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -234501s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -234162s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233815s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129953s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129752s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233335s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129419s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233006s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129056s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -232648s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128694s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -232285s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128352s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231927s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128005s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231573s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -127652s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231239s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -127309s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -230892s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -99388s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -126099s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -59718s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -59252s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58893s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58524s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58191s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57822s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57489s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57073s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56740s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56371s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56039s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -55669s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -55321s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54967s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54619s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54281s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53942s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53579s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53240s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -52876s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -52537s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4556	Thread sleep time: -30000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\MBSetup.exe

File Volume queried: C:\ProgramData FullSizeInformation

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2 FindFirstFileW,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLastError,GetLastError,LoadLibraryW,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751513EC0 FindFirstFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF751513EC0

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 240000
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239656
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239297
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 238953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235781
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235438
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234501
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234162
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233815
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129752
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233335
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129419
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233006
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129056
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232648
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128694
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232285
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128352
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231927
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128005
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231573
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 127652
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231239
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 127309
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 230892
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 99388
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 126099
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 59718
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 59252
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58893
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58524
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58191
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57822
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57489
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57073
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56740
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56371
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56039
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 55669
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 55321
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54967
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54619
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54281
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53942
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53579
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53240
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 52876
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 52537

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to behavior

Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v vpn network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Network Adapter Installation Disk #11
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network Adapter3
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V CDMA MBB Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2313220263.0000018752E05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtu[
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapter`'%netvsc_eth.devicedesc%
Source: MBVpnTunnelService.exe, 00000005.00000003.2352947313.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2311905039.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2405612269.0000018752E10000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2381364351.0000018752E0A000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2316291593.0000018752E09000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2439008472.0000018752E12000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355139484.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2361233708.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2337587654.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2317016164.0000018752E10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtu
Source: MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: ??VMwareVMwareVBoxVBoxVBoxXenVMMXenVMMKVMKVMKVMParallels Hv lrpepyh vrbhyve bhyveXenVMwareVRTUALReading the machine id from the registry key.MachineIDD:\Jenkins\workspace\N_MBCommon-vs2022\src\mbcommon\MachineId.cppmb::common::system::MachineId::GetMachineGuidInternalSOFTWARE\Malwarebytes\idSuccessfully read the machine id from the registry key.The machine id registry key does not exist, creating the key and writing the uuid.Unable to save to the machine id registry key.Software\Microsoft\CryptographyMachineGuidHardware\Description\SystemSystemBiosVersionSystemBiosDate\|Unable to retrieve the disk serial number. Using alternative value.mb::common::system::MachineId::GetHostMachineId3%02X:%02X:%02X:%02X:%02X:%02XROOT\CIMV2SELECT Index, MACAddress, Name FROM Win32_NetworkAdapter where AdapterTypeId=0WQLIndexMACAddressNameSELECT UUID FROM Win32_ComputerSystemProductUUIDSELECT SerialNumber FROM Win32_BIOSSerialNumberSELECT processorID FROM win32_processorprocessorIDError %lu calling GetSystemDirectorymb::common::system::MachineId::GetDiskSignatureInternal\\?\%sError %lu calling wsplitpath_sError %lu from CreateFileError %lu calling DeviceIoControlSELECT Signature FROM Win32_DiskDrive WHERE Index=%uSignature%uError %lu calling CoInitializeSecurity hr=0x%08Xmb::common::system::MachineId::GetMemorySerialNumbersInternalError %lu calling CoCreateInstance hr=0x%08XError %lu calling ConnectServer hr=0x%08XError %lu calling CoSetProxyBlanket hr=0x%08XSELECT serialNumber FROM Win32_PhysicalMemoryError %lu calling ExecQuery hr=0x%08XserialNumberError %lu calling Get hr=0x%08XError %lu calling StringCchCopy hr=0x%08Xmb::common::system::MachineId::GetDiskSerialNumberInternalSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%uError: exception in StringCchCopyAMySafeStringCchCopyAError: NULL buffermb::common::system::MachineId::GetDiskSerialNumberInternal2Calling CreateFileW with path (%ls).Error %lu calling CreateFileWError %lu calling DeviceIoControl to get buffer size.Error: zero size descriptorError %lu calling DeviceIoControl to get buffer.DeviceIoControl didn't return a serial number.Error: NULL serial numberNull reg utilsmb::common::system::MachineId::RegKeyExistsmb::common::system::MachineId::WriteDatamb::common::system::MachineId::GetValueString
Source: MBVpnTunnelService.exe, 00000005.00000003.2301571546.0000018752876000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 Hyper-V VF
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v wifi network adapterc
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v network adapterLA
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v gsm mbb network adapter
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1674570638.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008357187.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C42000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Ethernet Network Adapter2
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Emulex OCl11102R-F-L Virtual Fabric Adapter 2-port 10Gb LOM\|qemulex ocl11102r-f-l virtual fabric adapter 2-port 10gb lom$
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V GSM MBB Network Adapter$
Source: MBVpnTunnelService.exe, 00000005.00000003.2439008472.0000018752E22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: {vmnetextensionsystem32\drivers\wfplwfs.sys,-6001g
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Ethernet Network Adapter -
Source: MBVpnTunnelService.exe, 00000005.00000003.2323844843.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtuY
Source: MBVpnTunnelService.exe, 00000005.00000003.2288327575.0000018752D41000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2289037292.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2287787400.000001875288B000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2288856939.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qemulex ocl11102-f6-x virtual fabric adapter 2-port 10gb lomL
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 'Hyper-V Network Adapter Name
Source: MBVpnTunnelService.exe, 00000005.00000003.2301571546.0000018752876000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 non Hyper-V VF
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V CDMA MBB Network Adapter(
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V GSM MBB Network Adapterl#netvsc_mbb_cdma.DeviceDesc_D
Source: MBAMService.exe, 00000009.00000003.2452465973.00000264B426B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: MBVpnTunnelService.exe, 00000005.00000003.2439378727.000001875280B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll11
Source: MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapterX
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapter1\+%netvsc_mbb_cdma.devicedesc%
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: xustring too long{ADC340ED-D55E-4E83-92AB-E57BEE7DD6F8}VMwareVMwareVBoxVBoxVBoxXenVMMXenVMMKVMKVMKVMParallels Hv lrpepyh vrbhyve bhyveXenVMwareVRTUALSOFTWARE\MalwarebytesidSoftware\Microsoft\CryptographyMachineGuidHardware\Description\SystemSystemBiosVersionSystemBiosDate\|ROOT\CIMV2WQLSELECT UUID FROM Win32_ComputerSystemProductUUIDSELECT SerialNumber FROM Win32_BIOSSerialNumberSELECT processorID FROM win32_processorprocessorID\\?\%sSELECT Signature FROM Win32_DiskDrive WHERE Index=%uSignature%uSELECT serialNumber FROM Win32_PhysicalMemoryserialNumberSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%uinvalid string positionvector<T> too long0123456789abcdef
Source: MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network AdapterX
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v gsm mbb network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2288327575.0000018752D41000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2289037292.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2287787400.000001875288B000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2288856939.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Qemulex oneconnect oce11101-i, nic
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v wifi network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2419176498.00000187528A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionptra se 3455 plus ps3n
Source: MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: VMwareVMware
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V VPN Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapterl
Source: MBVpnTunnelService.exe, 00000005.00000003.2290240136.0000018752D8F000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2293819782.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2300563965.0000018752DA0000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2302945645.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2297641102.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2303194226.00000187531F1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2318459287.0000018753200000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2307436225.0000018753200000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2290931068.0000018752D90000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2294324761.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Emulex OCl11102R-F-L Virtual Fabric Adapter 2-port 10Gb LOM\|qemulex ocl11102r-f-l virtual fabric adapter 2-port 10gb lom
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapter
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: VMwareVMwareXenVMMXenVMMVBoxVBoxVBoxParallels HvKVMKVMKVMbhyve bhyve lrpepyh vrVMwareXenReading the machine id from the registry key.VRTUALD:\Jenkins\workspace\N_MBCommon-vs2022\src\mbcommon\MachineId.cppMachineIDSOFTWARE\Malwarebytes\mb::common::system::MachineId::GetMachineGuidInternalSuccessfully read the machine id from the registry key.idUnable to save to the machine id registry key.The machine id registry key does not exist, creating the key and writing the uuid.MachineGuidSoftware\Microsoft\CryptographySystemBiosVersionHardware\Description\SystemSystemBiosDatemb::common::system::MachineId::GetHostMachineId3Unable to retrieve the disk serial number. Using alternative value.ROOT\CIMV2%02X:%02X:%02X:%02X:%02X:%02XWQLSELECT Index, MACAddress, Name FROM Win32_NetworkAdapter where AdapterTypeId=0MACAddressIndexNameUUIDSELECT UUID FROM Win32_ComputerSystemProductSerialNumberSELECT SerialNumber FROM Win32_BIOSprocessorIDSELECT processorID FROM win32_processormb::common::system::MachineId::GetDiskSignatureInternalError %lu calling GetSystemDirectoryError %lu calling wsplitpath_s\\?\%sError %lu calling DeviceIoControlError %lu from CreateFileSignatureSELECT Signature FROM Win32_DiskDrive WHERE Index=%umb::common::system::MachineId::GetMemorySerialNumbersInternalError %lu calling CoInitializeSecurity hr=0x%08XError %lu calling ConnectServer hr=0x%08XError %lu calling CoCreateInstance hr=0x%08XSELECT serialNumber FROM Win32_PhysicalMemoryError %lu calling CoSetProxyBlanket hr=0x%08XserialNumberError %lu calling ExecQuery hr=0x%08XError %lu calling StringCchCopy hr=0x%08XError %lu calling Get hr=0x%08XSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%umb::common::system::MachineId::GetDiskSerialNumberInternalMySafeStringCchCopyAError: exception in StringCchCopyAmb::common::system::MachineId::GetDiskSerialNumberInternal2Error: NULL bufferError %lu calling CreateFileWCalling CreateFileW with path (%ls).Error: zero size descriptorError %lu calling DeviceIoControl to get buffer size.Error %lu calling DeviceIoControl to get buffer.Error: NULL serial numberDeviceIoControl didn't return a serial number.mb::common::system::MachineId::RegKeyExistsNull reg utilsmb::common::system::MachineId::GetValueStringmb::common::system::MachineId::WriteData0123456789abcdef
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2419176498.00000187528C2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionpn\Policies\System\NoConnec}
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn6
Source: MBVpnTunnelService.exe, 00000005.00000003.2319031374.0000018752E10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtut

Source: C:\Users\user\Desktop\MBSetup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163F2C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_00007FF75163F2C4

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163F630 GetLastError,IsDebuggerPresent,OutputDebugStringW,

5_2_00007FF75163F630

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

5_2_00007FF7514C026D

Enables debug privileges

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process token adjusted: Debug
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process token adjusted: Debug

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163F2C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF75163F2C4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163ECC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF75163ECC4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7516495A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF7516495A8

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	NtQueryDirectoryFile: Indirect: 0x7FFDF7C2A52F
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	NtQueryDirectoryFile: Indirect: 0x7FFDF9E86545

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"

Language, Device and Operating System Detection

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,	5_2_00007FF75166FC4C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_00007FF7516704A4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_00007FF751670680
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: try_get_function,GetLocaleInfoW,	5_2_00007FF75166862C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF751670068
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF75166805C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF75166FF98

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.cat VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

5_2_00007FF7514C46A0

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514CC220 _invalid_parameter_noinfo_noreturn,GetLocalTime,GetTickCount,GetCurrentThreadId,

5_2_00007FF7514CC220

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

5_2_00007FF7514CF3C0

Source: C:\Users\user\Desktop\MBSetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: MBVpnTunnelService.exe, 00000005.00000003.2399420733.000001875325D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2400514237.000001875325E000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2399815000.000001875325D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2401914948.0000018753268000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2402150638.000001875326C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PGSETUP.EXE
Source: MBVpnTunnelService.exe, 00000005.00000003.2399420733.000001875325D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Remote Access Functionality

Yara detected PsExec sysinternal tool

Source: Yara match

File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll, type: DROPPED

ID:	1427208
Product:	CloudBasic
Start time:	09:13:08
Start date:	17.04.2024
Sample:	MBSetup.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b6d8b7e6f74196f62caba2ca77a7ae91
SHA1:	6ac9c99f084b5772440e2f135b8d5365f7f45314
SHA256:	74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report MBSetup.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Cryptography

Privilege Escalation

Bitcoin Miner

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report
MBSetup.exe