Edit tour

Windows Analysis Report
MBSetup.exe

Overview

General Information

Sample name:	MBSetup.exe
Analysis ID:	1427208
MD5:	b6d8b7e6f74196f62caba2ca77a7ae91
SHA1:	6ac9c99f084b5772440e2f135b8d5365f7f45314
SHA256:	74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
Infos:

Detection

Score:	38
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	36
Range:	0 - 100

Signatures

Creates an undocumented autostart registry key

Enables network access during safeboot for specific services

Found direct / indirect Syscall (likely to bypass EDR)

Installs new ROOT certificates

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Registers a service to start in safe boot mode

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains capabilities to detect virtual machines

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

EXE planting / hijacking vulnerabilities found

Enables debug privileges

Enables security privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Classes Autorun Keys Modification

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected PsExec sysinternal tool

Classification

Analysis Advice

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample searches for specific file, try point organization specific fake files to the analysis machine

Process Tree

System is w10x64

MBSetup.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\MBSetup.exe" MD5: B6D8B7E6F74196F62CABA2CA77A7AE91)

cmd.exe (PID: 7592 cmdline: cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 2300 cmdline: timeout /t 1 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

firefox.exe (PID: 3352 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

MBAMInstallerService.exe (PID: 7508 cmdline: "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe" MD5: CC91FBC5E424154388AFBE808DE25FF6)

MBVpnTunnelService.exe (PID: 7924 cmdline: "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun MD5: 46F875F1FE3D6063B390E3A170C90E50)

conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MBAMService.exe (PID: 8144 cmdline: "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected MD5: B9251F9808C8ADE391E452F12F87E20D)

svchost.exe (PID: 8064 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

drvinst.exe (PID: 8100 cmdline: DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000168" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)

MBAMService.exe (PID: 6904 cmdline: "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" MD5: B9251F9808C8ADE391E452F12F87E20D)

Malwarebytes.exe (PID: 2792 cmdline: "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow MD5: F78BA9ED5C75BA595C2C73483C06EB06)

firefox.exe (PID: 1716 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 2948 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 5168 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a919bd-c3c7-4ef4-a914-d79422c03b0c} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b7a26d310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6616 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8004 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5272 -prefMapHandle 5244 -prefsLen 33043 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eae8c4e-3b3b-4929-bb0e-9deade986469} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b126ed110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

svchost.exe (PID: 5328 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	JoeSecurity_PsExec	Yara detected PsExec sysinternal tool	Joe Security

Sigma Signatures

Sigma detected: Classes Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: {57CE581A-0CB6-4266-9CA0-19364C90A0B3}, EventID: 13, EventType: SetValue, Image: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe, ProcessId: 6904, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt\(Default)

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall, ProcessId: 8064, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514F7870 BCryptOpenAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptImportKeyPair,BCryptVerifySignature,BCryptDestroyKey,

5_2_00007FF7514F7870

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\MBSetup.exe

EXE: cmd.exe

Jump to behavior

Bitcoin Miner

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Malwarebytes.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION mbam.exe
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION mbamtray.exe

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\MBSetup.exe

EXE: cmd.exe

Jump to behavior

Uses 32bit PE files

Source: MBSetup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Found installer window with terms and condition text

Source: C:\Users\user\Desktop\MBSetup.exe

Window detected: Malwarebytes Setup WizardInstall now to clean and protect your computer for good&Install<a>Advanced options</a>By installing or using this product you agree to its <a>End User License Agreement</a> and <a>Privacy Policy</a>.

Creates a directory in C:\Program Files

Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\604834ce-d89f-4e94-a75c-9c4d5b683f67	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\1a8fa819fc8a11ee9711ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\1a8fa81afc8a11ee9c96ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\.version	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.tmf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.tmf

Creates a software uninstall entry

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1

Jump to behavior

Creates install or setup log file

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

PE / OLE file has a valid certificate

Source: MBSetup.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: MBSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\WinR_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_inserr\bin\Win32\Release\inserr.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpn_MBTunInstaller\bin\x64\Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\Win7_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_Elam_Kernel\bin\x64\Win7_Release\MbamElam.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452465973.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452838840.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2446597783.00000264B4284000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B4280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpnTunnel\bin\x64\Release\MBVpnTunnelService.pdb source: MBVpnTunnelService.exe, 00000005.00000000.2282427452.00007FF751687000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb~ source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_7zip_vs2022\7z2301-src\CPP\7zip\Bundles\Format7zF\x64\7z.pdb source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x64\release\mbae64.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Jenkins\workspace\MBAM-Windows\A_MB5_MBSetup\bin\Win32\Release\MBSetup.pdb source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\arm64\setupapihost.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdbS source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: z:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: x:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: v:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: t:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: r:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: p:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: n:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: l:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: j:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: h:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: f:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: b:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: y:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: w:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: u:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: s:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: q:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: o:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: m:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: k:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: i:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: g:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: e:
Source: C:\Windows\System32\svchost.exe	File opened: c:
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File opened: a:

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2 FindFirstFileW,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLastError,GetLastError,LoadLibraryW,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751513EC0 FindFirstFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF751513EC0

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to behavior

Software Vulnerabilities

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 353MB

Networking

Enables network access during safeboot for specific services

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: NULL Service

Jump to behavior

Yara detected Generic Downloader

Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll, type: DROPPED

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 34.117.237.239 34.117.237.239
Source: Joe Sandbox View	IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View	IP Address: 3.163.101.87 3.163.101.87
Source: Joe Sandbox View	IP Address: 23.216.73.151 23.216.73.151

Yara detected PsExec sysinternal tool

Source: Yara match

File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll, type: DROPPED

Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA2.crl0t
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072C58000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072C58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.adr.org/Forms
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.adr.org/Rules
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp, MBSetup.exe, 00000000.00000003.1651236201.0000000002659000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1651265227.000000000265A000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1676201400.000000000283A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/enable-partial-reads
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/no-whitespace-in-element-content
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/features/no-whitespace-in-element-contenthttp://xml.org/sax/features/validatio
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/properties/bla-activation-threshold
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplification
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.google.com/policies/privacy
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.malwarebytes.com
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.malwarebytes.com/legal
Source: drvinst.exe, 00000008.00000003.2432411808.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000002.2434287955.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.h_
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/string-interning
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/features/validation
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/
Source: MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/3/N
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/8
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/LPsd
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/bgext8
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/bgextce
Source: MBAMInstallerService.exe, 00000002.00000003.2008357187.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mb.dotnetruntime.win.x64/release
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.ctlr.64bitv5/release#R-
Source: MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.dbcls.64bitv5/release
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release1
Source: MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com/q.
Source: MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1901746615.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943161971.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ark.mwbsys.com:443/mbam-c.svc.64bitv5/release
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://aws.amazon.com/compliance/
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://block.malwarebytes.com
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://block.malwarebytes.comallowlistsbgCloudTimeoutblocklistsblockpagebrowserOnlyProtectiondomain
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://br.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdn.cookielaw.org/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/slick-carousel
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/
Source: MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca40/51
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.bgext.32bit/d/6/9/0/d69098824cb3f15eba951cc1848bcc85/11feade3
Source: MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.ctlr.64bitv5/9/e/f/5/9ef598bb4c2426f4b31baebf99fce838/e8691b7
Source: MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.dbcls.64bitv5/7/0/3/c/703c717289fea89d7b39642c7b8bc66e/8a445d
Source: MBSetup.exe, 00000000.00000003.2444345366.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102f6bc
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.sevenzip.32bit/0/e/8/7/0e872772dae952c6da648cb5914b4304/91bef
Source: MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com/packages/mbam-c.svc.64bitv5/9/2/7/d/927d42fa5b00a0bda8e9604e74f25979/0b804105
Source: MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com:443/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca4
Source: MBSetup.exe, 00000000.00000003.2444931439.0000000004C67000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844874753.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844715993.0000000004C64000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1843077591.0000000004C64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.mwbsys.com:443/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.css
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.css
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.min.js
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://de.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://es.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fr.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://it.malwarebytes.com/privacy/
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.com
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://links.malwarebytes.com/link/uninstalled?days_since_install=launching
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://links.malwarebytes.com/support/mb/windows/security-other-avhttps://links.malwarebytes.com/su
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.comYI
Source: MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://links.malwarebytes.comfi
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://links.malwarebytes.comnohttps://subscribe-staging.mwbsys.comacctOwnerFirstNameacctOwnerLastN
Source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://malwarebytes.com/support
Source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://malwarebytes.com/supportstring
Source: MBAMService.exe, 00000009.00000003.2452838840.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B427B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://msdn.micros
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nl.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pl.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://preferences-mgr.truste.com/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pt.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://ru.malwarebytes.com/privacy/
Source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp, MBAMService.exe, 0000000A.00000003.2468740901.000002160A797000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://subscribe-staging.mwbsys.com
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.malwarebytes.com/hc/en-us/articles/360039142934-Installation-troubleshooting-for-Mal
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/policies/privacy
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.jamsadr.com/eu-us-privacy-shield.
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/eula/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/eula/services-agreement/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/mb-logo-2.png
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/share/Malwarebytes-homepage-share.jpg
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/images/uploads/2020/07/30233020/EULA_Chart-2.png
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/js/mess.js
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/legal/privacy-policyopenhttps://www.malwarebytes.com/eula/MBAM-Crelease
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/privacy/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.malwarebytes.com/support/lifecycle/
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.privacyshield.gov/list
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wireguard.com/D
Source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wireguard.net/D
Source: MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.youronlinechoices.eu/

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.cat	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.cat (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA714.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\starfieldrootcag2_new.cer	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBUpdate.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\starfieldrootcag2_new.crt	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514F7870 BCryptOpenAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptImportKeyPair,BCryptVerifySignature,BCryptDestroyKey,

5_2_00007FF7514F7870

System Summary

Creates driver files

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File created: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys

Jump to behavior

Creates files inside the driver directory

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF

Creates files inside the system directory

Source: C:\Users\user\Desktop\MBSetup.exe	File created: C:\Windows\SysWOW64\drivers\mbamtestfile.dat	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_268e58b44338d192\wnetvsc.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\rt640x64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\MbamElam.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\mbamswissarmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\system32\DRIVERS\MbamChameleon.sys
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Deletes files inside the Windows folder

Source: C:\Users\user\Desktop\MBSetup.exe

File deleted: C:\Windows\SysWOW64\drivers\mbamtestfile.dat

Jump to behavior

Detected potential crypto function

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75165DAF4	5_2_00007FF75165DAF4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F5210	5_2_00007FF7514F5210
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F21B0	5_2_00007FF7514F21B0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2	5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514FABC0	5_2_00007FF7514FABC0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F9E00	5_2_00007FF7514F9E00
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514F0070	5_2_00007FF7514F0070
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B5860	5_2_00007FF7514B5860
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C0AE0	5_2_00007FF7514C0AE0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751665468	5_2_00007FF751665468
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C5440	5_2_00007FF7514C5440
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751556C30	5_2_00007FF751556C30
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751661B5C	5_2_00007FF751661B5C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514CF3C0	5_2_00007FF7514CF3C0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C03B7	5_2_00007FF7514C03B7
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B8E30	5_2_00007FF7514B8E30
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514CF640	5_2_00007FF7514CF640
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514C3560	5_2_00007FF7514C3560
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75165E5D8	5_2_00007FF75165E5D8
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B2090	5_2_00007FF7514B2090
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751662838	5_2_00007FF751662838
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D08E0	5_2_00007FF7514D08E0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75164BF78	5_2_00007FF75164BF78
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163D7B0	5_2_00007FF75163D7B0

Enables security privileges

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Process token adjusted: Security

Jump to behavior

Found potential string decryption / allocating functions

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: String function: 00007FF7514B3570 appears 99 times
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: String function: 00007FF7514B3630 appears 49 times

PE file contains executable resources (Code or Archives)

Source: MBSetup.exe	Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: BINARY type: 7-zip archive data, version 0.4
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: RESOURCEFILE type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: MBAMInstallerService.exe.0.dr	Static PE information: Resource name: RESOURCEFILE type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

PE file does not import any functions

Source: api-ms-win-core-heap-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: System.Xml.XPath.XDocument.dll.2.dr	Static PE information: No import functions for PE file found
Source: System.Web.HttpUtility.dll.2.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: MBSetup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus38.troj.evad.winEXE@37/761@0/25

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF751506470 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,

5_2_00007FF751506470

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Program Files (x86)\mbamtestfile.dat

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File created: C:\Users\Public\Desktop\Malwarebytes.lnk

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Mutant created: \Sessions\1\BaseNamedObjects\MalwarebytesDbIntegrityMonitor
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\MBSetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_Desktop_MBSetup.exe
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7932:120:WilError_03

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Source: MBSetup.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\MBSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MBVpnTunnelService.exe	String found in binary or memory: /installmbtun
Source: MBVpnTunnelService.exe	String found in binary or memory: /installmbtunlegacy

Source: unknown	Process created: C:\Users\user\Desktop\MBSetup.exe "C:\Users\user\Desktop\MBSetup.exe"
Source: unknown	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000168" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
Source: unknown	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Source: C:\Users\user\Desktop\MBSetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a919bd-c3c7-4ef4-a914-d79422c03b0c} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b7a26d310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5272 -prefMapHandle 5244 -prefsLen 33043 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eae8c4e-3b3b-4929-bb0e-9deade986469} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b126ed110 utility
Source: C:\Users\user\Desktop\MBSetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000168" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process created: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a919bd-c3c7-4ef4-a914-d79422c03b0c} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b7a26d310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5272 -prefMapHandle 5244 -prefsLen 33043 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eae8c4e-3b3b-4929-bb0e-9deade986469} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b126ed110 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dsreg.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: lpk.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: mpr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: sfc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: version.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: authz.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: msi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: devobj.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Section loaded: spinf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: mpr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: powrprof.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: userenv.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: netapi32.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: sfc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: version.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: authz.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: devrtl.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: spinf.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: drvstore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: icu.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dwrite.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wldp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: profapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: sxs.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wlanapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winnsi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wscapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: netutils.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wshunix.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: winrnr.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: nlaapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: wshbth.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: devobj.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: pnrpnsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: napinsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: schannel.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll

Source: C:\Users\user\Desktop\MBSetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Found GUI installer (many successful clicks)

Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Next
Source: C:\Users\user\Desktop\MBSetup.exe	Automated click: Install

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Found installer window with terms and condition text

Source: C:\Users\user\Desktop\MBSetup.exe

Uses Microsoft Silverlight

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll

Jump to behavior

Checks if Microsoft Office is installed

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office

Jump to behavior

Creates a directory in C:\Program Files

Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\604834ce-d89f-4e94-a75c-9c4d5b683f67	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\1a8fa819fc8a11ee9711ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\1a8fa81afc8a11ee9c96ecf4bbea1588	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\.version	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.deps.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.tmf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Directory created: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.tmf

Creates a software uninstall entry

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1

Jump to behavior

PE / OLE file has a valid certificate

Source: MBSetup.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: MBSetup.exe

Static file information: File size 2589624 > 1048576

PE file has a big raw section

Source: MBSetup.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x179200

PE file contains a mix of data directories often seen in goodware

Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: MBSetup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: MBSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains a debug data directory

Source: MBSetup.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Binary contains paths to debug symbols

Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\WinR_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_inserr\bin\Win32\Release\inserr.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpn_MBTunInstaller\bin\x64\Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\jenkins\workspace\N_MBTunDriver\bin\x64\Win7_Release\mbtun.pdb source: MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_Elam_Kernel\bin\x64\Win7_Release\MbamElam.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452465973.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2452838840.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2446597783.00000264B4284000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B4280000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B4280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\jenkins\workspace\N_MBVpnTunnel\bin\x64\Release\MBVpnTunnelService.pdb source: MBVpnTunnelService.exe, 00000005.00000000.2282427452.00007FF751687000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb~ source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_7zip_vs2022\7z2301-src\CPP\7zip\Bundles\Format7zF\x64\7z.pdb source: MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x64\release\mbae64.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Jenkins\workspace\MBAM-Windows\A_MB5_MBSetup\bin\Win32\Release\MBSetup.pdb source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MBAMService\bin\x64\Release\MBAMService.pdb source: MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\Users\Jason A. Donenfeld\Projects\wireguard-nt\Release\arm64\setupapihost.pdb source: MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdbS source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp

PE file contains a valid data directory to section mapping

Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: MBSetup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Binary contains a suspicious time stamp

Source: System.Web.dll.2.dr

Static PE information: 0xA8C18CA1 [Sat Sep 20 04:12:17 2059 UTC]

PE file contains sections with non-standard names

Source: MBAMInstallerService.exe.0.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514BA592 push rbp; iretd	5_2_00007FF7514BA59B
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D205D push rbp; iretd	5_2_00007FF7514D205E
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514D1F4D push rbp; iretd	5_2_00007FF7514D1F4E

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A Blob
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E Blob

Drops PE files

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Services.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\MBSetup.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnelService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Services.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnelService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Diagnostics.EventLog.Messages.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\MbamChameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\ucrtbase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClient.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	File created: C:\Windows\System32\drivers\mbamswissarmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMService.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationClientSideProviders.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Controls.Ribbon.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationCore.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\ReachFramework.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\Microsoft.VisualBasic.Forms.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsBase.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File created: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file

Creates install or setup log file

Source: C:\Users\user\Desktop\MBSetup.exe

File created: C:\Users\user\AppData\Local\Temp\mbsetup.log

Jump to behavior

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt NULL
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt NULL

Registers a service to start in safe boot mode

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry value created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService NULL

Jump to behavior

Creates or modifies windows services

Source: C:\Users\user\Desktop\MBSetup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters

Jump to behavior

Modifies existing windows services

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163D7B0 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

5_2_00007FF75163D7B0

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\MBSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive WHERE Index=0

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialNumber FROM Win32_PhysicalMemory

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Memory allocated: 295EEAB0000 memory reserve | memory write watch

Contains capabilities to detect virtual machines

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion

Contains long sleeps (>= 3 min)

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 240000
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239656
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239297
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 238953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235781
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235438
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234501
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234162
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233815
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233335
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233006
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232648
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232285
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231927
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231573
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231239
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 230892

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\MBSetup.exe	Window / User API: threadDelayed 2669	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe	Window / User API: threadDelayed 7147	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 1522
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 2182
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 807
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Window / User API: threadDelayed 3984

Found dropped PE file which has not been started or loaded

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamsisdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.AccountManagement.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.DryIoc.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MwacLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\rtp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionSdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\igV5.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbshlext.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.DiagnosticSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Immutable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\sentrynativesdk.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\QRCoder.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Sentry.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ValueTuple.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Buffers.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorlib.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\RTPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clretwrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Swissarmy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCoreV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\offreg.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\ELAMBKUP\MbamElam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbampt.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mb5uns.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscorrc.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbcut.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Management.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Http.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Xaml.Behaviors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\UpdateControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\MbamChameleon.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\MBUpdateDlg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbtun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.DataContractSerialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbupdatr.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Container.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\VPNControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae-api-na.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SPControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\e_sqlite3.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.OpenSsl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SwissarmyShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\mbamswissarmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ObjectModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\msquic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\Microsoft.DiaSymReader.Native.amd64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\PoliciesControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\sampleV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\MBAMCore_b.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\BrowserSDKDLLV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SelfProtectionShim.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\clrjit.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.ILGeneration.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Extensions.Logging.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\TelemetryControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Enrichers.Process.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Serilog.Sinks.File.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.TypeExtensions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Dropped PE file which has not been started: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\SQLitePCLRaw.provider.e_sqlcipher.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.FileSystem.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dbclspkg\ActionsV5.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ScanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Web.HttpUtility.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebClient.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Prism.Wpf.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\servicepkg\mbamelam.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\host\fxr\6.0.28\hostfxr.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\wireguard.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\mbae64.sys	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Dropped PE file which has not been started: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll	Jump to dropped file

Is looking for software installed on the system

Source: C:\Users\user\Desktop\MBSetup.exe

Registry key enumerated: More than 232 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\MBSetup.exe TID: 7296	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe TID: 7384	Thread sleep time: -2669000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MBSetup.exe TID: 7384	Thread sleep time: -7147000s >= -30000s	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe TID: 7580	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe TID: 2016	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -240000s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -239656s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -239297s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -238953s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -235781s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -235438s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -234501s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -234162s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233815s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129953s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129752s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233335s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129419s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -233006s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -129056s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -232648s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128694s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -232285s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128352s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231927s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -128005s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231573s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -127652s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -231239s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -127309s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -230892s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -99388s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -126099s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -59718s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -59252s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58893s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58524s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -58191s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57822s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57489s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -57073s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56740s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56371s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -56039s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -55669s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -55321s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54967s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54619s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -54281s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53942s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53579s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -53240s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -52876s >= -30000s
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe TID: 2116	Thread sleep time: -52537s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4556	Thread sleep time: -30000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MBSetup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT processorID FROM win32_processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\MBSetup.exe

File Volume queried: C:\ProgramData FullSizeInformation

Jump to behavior

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7514B3BA2 FindFirstFileW,FindClose,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLastError,GetLastError,LoadLibraryW,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF7514B3BA2
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF751513EC0 FindFirstFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		5_2_00007FF751513EC0

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 240000
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239656
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 239297
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 238953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235781
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 235438
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234501
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 234162
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233815
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129953
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129752
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233335
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129419
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 233006
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 129056
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232648
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128694
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 232285
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128352
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231927
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 128005
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231573
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 127652
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 231239
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 127309
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 230892
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 99388
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 126099
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 59718
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 59252
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58893
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58524
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 58191
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57822
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57489
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 57073
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56740
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56371
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 56039
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 55669
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 55321
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54967
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54619
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 54281
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53942
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53579
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 53240
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 52876
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Thread delayed: delay time: 52537

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	File opened: C:\Windows\TEMP\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	Jump to behavior

Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v vpn network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Network Adapter Installation Disk #11
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network Adapter3
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V CDMA MBB Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2313220263.0000018752E05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtu[
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapter`'%netvsc_eth.devicedesc%
Source: MBVpnTunnelService.exe, 00000005.00000003.2352947313.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2311905039.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2405612269.0000018752E10000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2381364351.0000018752E0A000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2316291593.0000018752E09000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2439008472.0000018752E12000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355139484.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2361233708.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2337587654.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2317016164.0000018752E10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtu
Source: MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: ??VMwareVMwareVBoxVBoxVBoxXenVMMXenVMMKVMKVMKVMParallels Hv lrpepyh vrbhyve bhyveXenVMwareVRTUALReading the machine id from the registry key.MachineIDD:\Jenkins\workspace\N_MBCommon-vs2022\src\mbcommon\MachineId.cppmb::common::system::MachineId::GetMachineGuidInternalSOFTWARE\Malwarebytes\idSuccessfully read the machine id from the registry key.The machine id registry key does not exist, creating the key and writing the uuid.Unable to save to the machine id registry key.Software\Microsoft\CryptographyMachineGuidHardware\Description\SystemSystemBiosVersionSystemBiosDate\|Unable to retrieve the disk serial number. Using alternative value.mb::common::system::MachineId::GetHostMachineId3%02X:%02X:%02X:%02X:%02X:%02XROOT\CIMV2SELECT Index, MACAddress, Name FROM Win32_NetworkAdapter where AdapterTypeId=0WQLIndexMACAddressNameSELECT UUID FROM Win32_ComputerSystemProductUUIDSELECT SerialNumber FROM Win32_BIOSSerialNumberSELECT processorID FROM win32_processorprocessorIDError %lu calling GetSystemDirectorymb::common::system::MachineId::GetDiskSignatureInternal\\?\%sError %lu calling wsplitpath_sError %lu from CreateFileError %lu calling DeviceIoControlSELECT Signature FROM Win32_DiskDrive WHERE Index=%uSignature%uError %lu calling CoInitializeSecurity hr=0x%08Xmb::common::system::MachineId::GetMemorySerialNumbersInternalError %lu calling CoCreateInstance hr=0x%08XError %lu calling ConnectServer hr=0x%08XError %lu calling CoSetProxyBlanket hr=0x%08XSELECT serialNumber FROM Win32_PhysicalMemoryError %lu calling ExecQuery hr=0x%08XserialNumberError %lu calling Get hr=0x%08XError %lu calling StringCchCopy hr=0x%08Xmb::common::system::MachineId::GetDiskSerialNumberInternalSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%uError: exception in StringCchCopyAMySafeStringCchCopyAError: NULL buffermb::common::system::MachineId::GetDiskSerialNumberInternal2Calling CreateFileW with path (%ls).Error %lu calling CreateFileWError %lu calling DeviceIoControl to get buffer size.Error: zero size descriptorError %lu calling DeviceIoControl to get buffer.DeviceIoControl didn't return a serial number.Error: NULL serial numberNull reg utilsmb::common::system::MachineId::RegKeyExistsmb::common::system::MachineId::WriteDatamb::common::system::MachineId::GetValueString
Source: MBVpnTunnelService.exe, 00000005.00000003.2301571546.0000018752876000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 Hyper-V VF
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v wifi network adapterc
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v network adapterLA
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v gsm mbb network adapter
Source: MBSetup.exe, 00000000.00000003.2445362612.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1674570638.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008357187.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C42000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Ethernet Network Adapter2
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Emulex OCl11102R-F-L Virtual Fabric Adapter 2-port 10Gb LOM\|qemulex ocl11102r-f-l virtual fabric adapter 2-port 10gb lom$
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V GSM MBB Network Adapter$
Source: MBVpnTunnelService.exe, 00000005.00000003.2439008472.0000018752E22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: {vmnetextensionsystem32\drivers\wfplwfs.sys,-6001g
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Ethernet Network Adapter -
Source: MBVpnTunnelService.exe, 00000005.00000003.2323844843.0000018752E0D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtuY
Source: MBVpnTunnelService.exe, 00000005.00000003.2288327575.0000018752D41000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2289037292.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2287787400.000001875288B000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2288856939.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qemulex ocl11102-f6-x virtual fabric adapter 2-port 10gb lomL
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 'Hyper-V Network Adapter Name
Source: MBVpnTunnelService.exe, 00000005.00000003.2301571546.0000018752876000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ; ConnectX-4 non Hyper-V VF
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V CDMA MBB Network Adapter(
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V GSM MBB Network Adapterl#netvsc_mbb_cdma.DeviceDesc_D
Source: MBAMService.exe, 00000009.00000003.2452465973.00000264B426B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: MBVpnTunnelService.exe, 00000005.00000003.2439378727.000001875280B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll11
Source: MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapterX
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapter1\+%netvsc_mbb_cdma.devicedesc%
Source: MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: xustring too long{ADC340ED-D55E-4E83-92AB-E57BEE7DD6F8}VMwareVMwareVBoxVBoxVBoxXenVMMXenVMMKVMKVMKVMParallels Hv lrpepyh vrbhyve bhyveXenVMwareVRTUALSOFTWARE\MalwarebytesidSoftware\Microsoft\CryptographyMachineGuidHardware\Description\SystemSystemBiosVersionSystemBiosDate\|ROOT\CIMV2WQLSELECT UUID FROM Win32_ComputerSystemProductUUIDSELECT SerialNumber FROM Win32_BIOSSerialNumberSELECT processorID FROM win32_processorprocessorID\\?\%sSELECT Signature FROM Win32_DiskDrive WHERE Index=%uSignature%uSELECT serialNumber FROM Win32_PhysicalMemoryserialNumberSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%uinvalid string positionvector<T> too long0123456789abcdef
Source: MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V WiFi Network AdapterX
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v gsm mbb network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2288327575.0000018752D41000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2289037292.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2287787400.000001875288B000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2288856939.0000018752DB2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Qemulex oneconnect oce11101-i, nic
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v wifi network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2419176498.00000187528A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionptra se 3455 plus ps3n
Source: MBAMService.exe, 00000009.00000002.2455239360.00007FF7E274F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: VMwareVMware
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V VPN Network Adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v ethernet network adapterl
Source: MBVpnTunnelService.exe, 00000005.00000003.2290240136.0000018752D8F000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2293819782.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2300563965.0000018752DA0000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2302945645.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2297641102.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2303194226.00000187531F1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2318459287.0000018753200000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2307436225.0000018753200000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2290931068.0000018752D90000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2294324761.0000018752DAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Emulex OCl11102R-F-L Virtual Fabric Adapter 2-port 10Gb LOM\|qemulex ocl11102r-f-l virtual fabric adapter 2-port 10gb lom
Source: MBVpnTunnelService.exe, 00000005.00000003.2355991897.00000187533D1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v cdma mbb network adapter
Source: MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: VMwareVMwareXenVMMXenVMMVBoxVBoxVBoxParallels HvKVMKVMKVMbhyve bhyve lrpepyh vrVMwareXenReading the machine id from the registry key.VRTUALD:\Jenkins\workspace\N_MBCommon-vs2022\src\mbcommon\MachineId.cppMachineIDSOFTWARE\Malwarebytes\mb::common::system::MachineId::GetMachineGuidInternalSuccessfully read the machine id from the registry key.idUnable to save to the machine id registry key.The machine id registry key does not exist, creating the key and writing the uuid.MachineGuidSoftware\Microsoft\CryptographySystemBiosVersionHardware\Description\SystemSystemBiosDatemb::common::system::MachineId::GetHostMachineId3Unable to retrieve the disk serial number. Using alternative value.ROOT\CIMV2%02X:%02X:%02X:%02X:%02X:%02XWQLSELECT Index, MACAddress, Name FROM Win32_NetworkAdapter where AdapterTypeId=0MACAddressIndexNameUUIDSELECT UUID FROM Win32_ComputerSystemProductSerialNumberSELECT SerialNumber FROM Win32_BIOSprocessorIDSELECT processorID FROM win32_processormb::common::system::MachineId::GetDiskSignatureInternalError %lu calling GetSystemDirectoryError %lu calling wsplitpath_s\\?\%sError %lu calling DeviceIoControlError %lu from CreateFileSignatureSELECT Signature FROM Win32_DiskDrive WHERE Index=%umb::common::system::MachineId::GetMemorySerialNumbersInternalError %lu calling CoInitializeSecurity hr=0x%08XError %lu calling ConnectServer hr=0x%08XError %lu calling CoCreateInstance hr=0x%08XSELECT serialNumber FROM Win32_PhysicalMemoryError %lu calling CoSetProxyBlanket hr=0x%08XserialNumberError %lu calling ExecQuery hr=0x%08XError %lu calling StringCchCopy hr=0x%08XError %lu calling Get hr=0x%08XSELECT SerialNumber FROM Win32_DiskDrive WHERE Index=%umb::common::system::MachineId::GetDiskSerialNumberInternalMySafeStringCchCopyAError: exception in StringCchCopyAmb::common::system::MachineId::GetDiskSerialNumberInternal2Error: NULL bufferError %lu calling CreateFileWCalling CreateFileW with path (%ls).Error: zero size descriptorError %lu calling DeviceIoControl to get buffer size.Error %lu calling DeviceIoControl to get buffer.Error: NULL serial numberDeviceIoControl didn't return a serial number.mb::common::system::MachineId::RegKeyExistsNull reg utilsmb::common::system::MachineId::GetValueStringmb::common::system::MachineId::WriteData0123456789abcdef
Source: MBVpnTunnelService.exe, 00000005.00000003.2337416620.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2327677941.00000187528B1000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2334651799.00000187528AB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2353688897.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2351424730.00000187528A2000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2329473191.00000187528A8000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2352470075.00000187528A5000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2391960961.00000187537DB000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2419608475.0000018753957000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v network adapter
Source: MBVpnTunnelService.exe, 00000005.00000003.2419176498.00000187528C2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetextensionpn\Policies\System\NoConnec}
Source: MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn6
Source: MBVpnTunnelService.exe, 00000005.00000003.2319031374.0000018752E10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0Gb LOM\|qemulex ocl11102r-f-l virtut

Source: C:\Users\user\Desktop\MBSetup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163F2C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_00007FF75163F2C4

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF75163F630 GetLastError,IsDebuggerPresent,OutputDebugStringW,

5_2_00007FF75163F630

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514C026D GetProcessHeap,HeapAlloc,Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock,GetLastError,GetLastError,Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock,

5_2_00007FF7514C026D

Enables debug privileges

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process token adjusted: Debug
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Process token adjusted: Debug

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163F2C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF75163F2C4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF75163ECC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF75163ECC4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: 5_2_00007FF7516495A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF7516495A8

Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	NtQueryDirectoryFile: Indirect: 0x7FFDF7C2A52F
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	NtQueryDirectoryFile: Indirect: 0x7FFDF9E86545

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"

Language, Device and Operating System Detection

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,	5_2_00007FF75166FC4C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_00007FF7516704A4
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_00007FF751670680
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: try_get_function,GetLocaleInfoW,	5_2_00007FF75166862C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF751670068
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF75166805C
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	Code function: EnumSystemLocalesW,	5_2_00007FF75166FF98

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.cat VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514C46A0 GetLastError,_Init_thread_footer,_Init_thread_footer,Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock,CreateThreadpool,GetLastError,CreateThreadpoolCleanupGroup,GetLastError,SetThreadpoolThreadMinimum,SetThreadpoolThreadMaximum,WaitForSingleObject,CreateNamedPipeW,GetLastError,WaitForSingleObject,CloseHandle,GetLastError,CreateThreadpoolWork,GetLastError,CloseHandle,SubmitThreadpoolWork,CloseThreadpoolWork,CloseThreadpoolCleanupGroupMembers,CloseThreadpoolCleanupGroup,CloseThreadpool,_invalid_parameter_noinfo_noreturn,

5_2_00007FF7514C46A0

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514CC220 _invalid_parameter_noinfo_noreturn,GetLocalTime,GetTickCount,GetCurrentThreadId,

5_2_00007FF7514CC220

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Code function: 5_2_00007FF7514CF3C0 GetModuleHandleW,GetProcAddress,GetVersionExW,NetWkstaGetInfo,NetApiBufferFree,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,VerSetConditionMask,VerifyVersionInfoW,

5_2_00007FF7514CF3C0

Source: C:\Users\user\Desktop\MBSetup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: MBVpnTunnelService.exe, 00000005.00000003.2399420733.000001875325D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2400514237.000001875325E000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2399815000.000001875325D000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2401914948.0000018753268000.00000004.00000020.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2402150638.000001875326C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PGSETUP.EXE
Source: MBVpnTunnelService.exe, 00000005.00000003.2399420733.000001875325D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe

Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Jump to behavior
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Remote Access Functionality

Yara detected PsExec sysinternal tool

Source: Yara match

File source: C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	311 Windows Management Instrumentation	1 Scripting	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Search Order Hijacking	1 DLL Search Order Hijacking	1 Abuse Elevation Control Mechanism	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	31 Windows Service	1 Extra Window Memory Injection	2 Obfuscated Files or Information	NTDS	147 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	2 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Install Root Certificate	LSA Secrets	1 Query Registry	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	31 Windows Service	1 Timestomp	Cached Domain Credentials	371 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	12 Process Injection	1 DLL Side-Loading	DCSync	11 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	2 Registry Run Keys / Startup Folder	1 DLL Search Order Hijacking	Proc Filesystem	261 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Extra Window Memory Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	33 Masquerading	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Modify Registry	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	261 Virtualization/Sandbox Evasion	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service
Business Relationships	Server	Trusted Relationship	Visual Basic	Container Orchestration Job	Container Orchestration Job	1 Access Token Manipulation	Web Portal Capture	Local Groups	Component Object Model and Distributed COM	Local Email Collection	Internal Proxy	Commonly Used Port	Direct Network Flood
Identify Business Tempo	Botnet	Hardware Additions	Python	Hypervisor	Process Injection	12 Process Injection	Credential API Hooking	Domain Groups	Exploitation of Remote Services	Remote Email Collection	External Proxy	Transfer Data to Cloud Account	Reflection Amplification

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
MBSetup.exe	0%	ReversingLabs
MBSetup.exe	0%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe	0%	ReversingLabs
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (copy)	0%	ReversingLabs
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys	0%	ReversingLabs
C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	0%	ReversingLabs
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys	0%	ReversingLabs
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys	0%	ReversingLabs
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll	0%	ReversingLabs
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll	0%	ReversingLabs
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll	0%	ReversingLabs
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe	0%	ReversingLabs
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll	0%	ReversingLabs
C:\Windows\ELAMBKUP\MbamElam.sys	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\SETA745.tmp	0%	ReversingLabs
C:\Windows\System32\DriverStore\Temp\{edf7d8d8-304a-1448-a26a-bba0a7428f74}\mbtun.sys (copy)	0%	ReversingLabs
C:\Windows\System32\drivers\MbamChameleon.sys	0%	ReversingLabs
C:\Windows\System32\drivers\MbamElam.sys	0%	ReversingLabs
C:\Windows\System32\drivers\mbamswissarmy.sys	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\7z.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\7z.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\AEControllerImpl.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ActionsShim.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwControllerImpl.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\ArwLib.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Assistant.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\BrowserSDKDLLShim.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CleanControllerImpl.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\CloudControllerImpl.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\DryIoc.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\LicenseControllerImpl.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMCrashHandler.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMService.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMShim.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBAMWsc_Legacy.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBUpdateDlg.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnelService.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_mbtun.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wintun.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MBVpnTunnel_wireguard.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MWACControllerImpl.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Interop.Activation.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.Protection.Interop.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Controls.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Style.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Dark.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Light.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.Theme.Primitives.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.UI.TrayNotification.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Malwarebytes_Assistant.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamBgNativeMsg.exe	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Core.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Data.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Services.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.Tray.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\MbamUI.UICommon.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Data.Sqlite.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Abstractions.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Relational.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.Sqlite.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.EntityFrameworkCore.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Abstractions.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Caching.Memory.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Configuration.Abstractions.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.Abstractions.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyInjection.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.DependencyModel.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.Abstractions.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Logging.dll	0%	ReversingLabs
C:\Windows\Temp\MBInstallTemp1a8fa81bfc8a11eeb05cecf4bbea1588\ctlrpkg\Microsoft.Extensions.Options.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	URL Reputation	safe
http://www.appinf.com/properties/bla-activation-threshold	0%	Virustotal		Browse
https://subscribe-staging.mwbsys.com	0%	Virustotal		Browse
http://www.appinf.com/features/enable-partial-reads	0%	Virustotal		Browse
https://cdn.mwbsys.com:443/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102	0%	Virustotal		Browse
https://cdn.mwbsys.com/packages/mbam-c.sevenzip.32bit/0/e/8/7/0e872772dae952c6da648cb5914b4304/91bef	0%	Virustotal		Browse
http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.malwarebytes.com/images/mb-logo-2.png	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.google.com/policies/privacy	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.appinf.com/properties/bla-activation-threshold	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false	0%, Virustotal, Browse	unknown
https://subscribe-staging.mwbsys.com	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp, MBAMService.exe, 0000000A.00000003.2468740901.000002160A797000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://www.appinf.com/features/enable-partial-reads	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false	0%, Virustotal, Browse	unknown
http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#	MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://ocsp.sectigo.com0	MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://ark.mwbsys.com/bgext8	MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.adr.org/Rules	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://ark.mwbsys.com/bgextce	MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youronlinechoices.eu/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdn.mwbsys.com/packages/mbam-c.sevenzip.32bit/0/e/8/7/0e872772dae952c6da648cb5914b4304/91bef	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false	0%, Virustotal, Browse	unknown
https://cdn.mwbsys.com:443/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102	MBSetup.exe, 00000000.00000003.2444931439.0000000004C67000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844874753.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1844715993.0000000004C64000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1843077591.0000000004C64000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://links.malwarebytes.comnohttps://subscribe-staging.mwbsys.comacctOwnerFirstNameacctOwnerLastN	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		unknown
https://malwarebytes.com/supportstring	MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://links.malwarebytes.comYI	MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.mwbsys.com/	MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://xml.org/sax/features/namespace-prefixes	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://support.malwarebytes.com/hc/en-us/articles/360039142934-Installation-troubleshooting-for-Mal	MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	false		high
https://links.malwarebytes.com/support/mb/windows/security-other-avhttps://links.malwarebytes.com/su	MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	false		high
http://xml.org/sax/features/string-interning	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://www.malwarebytes.com/images/uploads/2020/07/30233020/EULA_Chart-2.png	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://xml.org/sax/features/external-parameter-entities	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://ark.mwbsys.com/mb.dotnetruntime.win.x64/release	MBAMInstallerService.exe, 00000002.00000003.2008357187.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release1	MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ark.mwbsys.com/	MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.appinf.com/features/no-whitespace-in-element-contenthttp://xml.org/sax/features/validatio	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		unknown
https://cdn.mwbsys.com/packages/mbam-c.isvc.64bitv5/c/c/9/1/cc91fbc5e424154388afbe808de25ff6/102f6bc	MBSetup.exe, 00000000.00000003.2444345366.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.malwarebytes.com/eula/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.css	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.malwarebytes.com/legal/privacy-policyopenhttps://www.malwarebytes.com/eula/MBAM-Crelease	MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	false		high
https://ark.mwbsys.com/mbam-c.dbcls.64bitv5/release	MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://fr.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdn.mwbsys.com/packages/mbam-c.bgext.32bit/d/6/9/0/d69098824cb3f15eba951cc1848bcc85/11feade3	MBSetup.exe, 00000000.00000003.2622235015.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.appinf.com/properties/bla-maximum-amplification	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		unknown
https://cdn.jsdelivr.net/npm/slick-carousel	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdn.mwbsys.com/packages/mbam-c.svc.64bitv5/9/2/7/d/927d42fa5b00a0bda8e9604e74f25979/0b804105	MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3C42000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pt.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.css	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://ark.mwbsys.com/mbam-c.isvc.64bitv5/release	MBSetup.exe, 00000000.00000003.2445362612.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://aws.amazon.com/compliance/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://crl.sectigo.com/SectigoRSACodeSigningCA2.crl0t	MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.malwarebytes.com/support/lifecycle/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://malwarebytes.com/support	MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://block.malwarebytes.comallowlistsbgCloudTimeoutblocklistsblockpagebrowserOnlyProtectiondomain	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		unknown
https://www.malwarebytes.com/js/mess.js	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://code.jquery.com/jquery-3.3.1.min.js	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://msdn.micros	MBAMService.exe, 00000009.00000003.2452838840.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000002.2454379553.00000264B427B000.00000004.00000020.00020000.00000000.sdmp, MBAMService.exe, 00000009.00000003.2453426133.00000264B427B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pl.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://ru.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.appinf.com/features/no-whitespace-in-element-content	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		unknown
http://www.malwarebytes.com/legal	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://links.malwarebytes.com/link/uninstalled?days_since_install=launching	MBSetup.exe, 00000000.00000000.1650375405.0000000000809000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp, MBSetup.exe, 00000000.00000003.1651236201.0000000002659000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1651265227.000000000265A000.00000004.00000020.00020000.00000000.sdmp, MBSetup.exe, 00000000.00000003.1676201400.000000000283A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.privacyshield.gov/list	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://preferences-mgr.truste.com/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://sectigo.com/CPS0	MBAMInstallerService.exe, 00000002.00000003.2024376899.0000015EF4A66000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2023088147.0000015EF50AE000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF784256000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2018209780.0000015EF46AB000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000000.1845634681.00007FF783E9F000.00000002.00000001.01000000.0000000A.sdmp, MBAMInstallerService.exe, 00000002.00000003.2022178107.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBVpnTunnelService.exe, 00000005.00000003.2284751755.0000018753023000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2428356278.0000027072D00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2425307600.0000027072CA9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ark.mwbsys.com/q.	MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.cookielaw.org/consent/9530a107-0af8-4204-a2c2-217efb78222b.js	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://xml.org/sax/features/external-general-entities	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://ark.mwbsys.com:443/mbam-c.svc.64bitv5/release	MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1901746615.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1864398090.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.1943161971.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ark.mwbsys.com/3/N	MBAMInstallerService.exe, 00000002.00000003.1943216300.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://es.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://xml.org/sax/features/namespaces	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://ark.mwbsys.com/LPsd	MBSetup.exe, 00000000.00000003.2445362612.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.wireguard.com/D	MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://block.malwarebytes.com	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.jamsadr.com/eu-us-privacy-shield.	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		unknown
https://www.malwarebytes.com/images/share/Malwarebytes-homepage-share.jpg	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.google.com/policies/privacy	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdn.mwbsys.com:443/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca4	MBAMInstallerService.exe, 00000002.00000003.2008507733.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ark.mwbsys.com/8	MBSetup.exe, 00000000.00000003.2622235015.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.adr.org/Forms	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://nl.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://links.malwarebytes.comfi	MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.mwbsys.com/packages/mbam-c.ctlr.64bitv5/9/e/f/5/9ef598bb4c2426f4b31baebf99fce838/e8691b7	MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://xml.org/sax/properties/declaration-handler	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://links.malwarebytes.com	MBAMService.exe, 0000000A.00000003.2468398420.000002160A785000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.malwarebytes.com/eula/services-agreement/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdn.mwbsys.com/packages/mb.dotnetruntime.win.x64/5/b/9/c/5b9c2c0ca079ea2f33181a1ef938ca40/51	MBAMInstallerService.exe, 00000002.00000003.2008450880.0000015EF3BFF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	drvinst.exe, 00000008.00000002.2434287955.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000003.2432411808.0000027072CA5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://xml.org/sax/features/validation	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://br.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdn.mwbsys.com/packages/mbam-c.dbcls.64bitv5/7/0/3/c/703c717289fea89d7b39642c7b8bc66e/8a445d	MBAMInstallerService.exe, 00000002.00000003.1943053820.0000015EF3C43000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		unknown
http://www.microsoft.h_	drvinst.exe, 00000008.00000003.2432411808.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000008.00000002.2434287955.0000027072CCC000.00000004.00000020.00020000.00000000.sdmp	false		low
https://it.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.wireguard.net/D	MBAMInstallerService.exe, 00000002.00000003.2097374584.0000015EF47E0000.00000004.00001000.00020000.00000000.sdmp, MBAMInstallerService.exe, 00000002.00000003.2097629214.0000015EF4FE0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://ark.mwbsys.com/mbam-c.ctlr.64bitv5/release#R-	MBAMInstallerService.exe, 00000002.00000003.1901984347.0000015EF3C37000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.malwarebytes.com	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high
http://xml.org/sax/properties/lexical-handler	MBAMInstallerService.exe, 00000002.00000000.1845438065.00007FF783D34000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://de.malwarebytes.com/privacy/	MBSetup.exe, 00000000.00000000.1650493980.0000000000861000.00000002.00000001.01000000.00000003.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.161.136.22	unknown	United States	16509	AMAZON-02US	false
44.199.68.15	unknown	United States	14618	AMAZON-AESUS	false
34.117.237.239	unknown	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
52.10.78.57	unknown	United States	16509	AMAZON-02US	false
34.117.188.166	unknown	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
35.82.157.101	unknown	United States	237	MERIT-AS-14US	false
3.163.101.87	unknown	United States	16509	AMAZON-02US	false
3.233.23.101	unknown	United States	14618	AMAZON-AESUS	false
23.216.73.151	unknown	United States	20940	AKAMAI-ASN1EU	false
34.234.125.19	unknown	United States	14618	AMAZON-AESUS	false
34.120.208.123	unknown	United States	15169	GOOGLEUS	false
45.83.223.233	unknown	Sweden	39351	ESAB-ASSE	false
23.20.67.183	unknown	United States	14618	AMAZON-AESUS	false
34.149.100.209	unknown	United States	2686	ATGS-MMD-ASUS	false
34.107.243.93	unknown	United States	15169	GOOGLEUS	false
3.161.136.57	unknown	United States	16509	AMAZON-02US	false
3.161.136.79	unknown	United States	16509	AMAZON-02US	false
34.107.221.82	unknown	United States	15169	GOOGLEUS	false
52.25.6.244	unknown	United States	16509	AMAZON-02US	false
35.244.181.201	unknown	United States	15169	GOOGLEUS	false
44.234.138.74	unknown	United States	16509	AMAZON-02US	false
34.231.228.179	unknown	United States	14618	AMAZON-AESUS	false
34.160.144.191	unknown	United States	2686	ATGS-MMD-ASUS	false
35.82.208.123	unknown	United States	237	MERIT-AS-14US	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427208
Start date and time:	2024-04-17 09:13:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MBSetup.exe
Detection:	SUS
Classification:	sus38.troj.evad.winEXE@37/761@0/25
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, MoUsoCoreWorker.exe
Execution Graph export aborted for target MBAMService.exe, PID 8144 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtSetValueKey calls found.
Report size getting too big, too many NtWriteFile calls found.
Skipping network analysis since amount of network traffic is too extensive

Simulations

Behavior and APIs

Time	Type	Description
09:14:00	API Interceptor	16066x Sleep call for process: MBSetup.exe modified
09:14:19	API Interceptor	3x Sleep call for process: MBAMInstallerService.exe modified
09:15:29	API Interceptor	3x Sleep call for process: MBAMService.exe modified
09:15:38	API Interceptor	2x Sleep call for process: svchost.exe modified
09:15:38	API Interceptor	1192x Sleep call for process: Malwarebytes.exe modified
09:15:48	API Interceptor	1x Sleep call for process: firefox.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
34.117.188.166	Evernote.exe	Get hash	malicious	LummaC	Browse
	VLJWG-Y3VJN-21LNUV2-AHEB0VE.hta	Get hash	malicious	Unknown	Browse
	https://mega.nz/file/1uN3EaxZ#CUbFeX5nzgfkR0qb6Ucg8nGbIFqE9cmqjhfatbJqPpk	Get hash	malicious	HTMLPhisher	Browse
	vm.dll	Get hash	malicious	CobaltStrike	Browse
	W2_AND_1095_PDF.jar	Get hash	malicious	Unknown	Browse
	https://Chem.microsoft@cloudflare-ipfs.com/ipfs/bafkreif2klim7glbgcsrfe6lm7wfd2scwmhee5i6dglyggzgvjgl53zw2i/#ZGFuaWVsLmNhcmRhb0BjaGVtLmx1	Get hash	malicious	Unknown	Browse
	https://carenetworkservices-my.sharepoint.com/:b:/g/personal/dburgess_ashlandhc_com/Ec-Zq4_m5URLoTCU-KGg_KMB9z03_-668TZH2YT4tEDNrg?e=oADOv8	Get hash	malicious	Unknown	Browse
	UpdaterTag.dll	Get hash	malicious	Unknown	Browse
	ZoominstallerFull.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse
	YmXa44bW67.exe	Get hash	malicious	Unknown	Browse
3.163.101.87	SecuriteInfo.com.Win32.TrojanX-gen.29663.14829.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.6370.3894.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	Blog.zip	Get hash	malicious	RHADAMANTHYS	Browse
	SecuriteInfo.com.Trojan.Siggen26.6766.7257.21259.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	file.exe	Get hash	malicious	RisePro Stealer	Browse
	R3qD3GiVhQ.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	5k3Ffb6Jl2.exe	Get hash	malicious	Unknown	Browse
	e0Ae1lY8DL.exe	Get hash	malicious	Unknown	Browse
	r1cE8H161I.exe	Get hash	malicious	RisePro Stealer	Browse
	file.exe	Get hash	malicious	RisePro Stealer	Browse
34.117.237.239	Evernote.exe	Get hash	malicious	LummaC	Browse
	VLJWG-Y3VJN-21LNUV2-AHEB0VE.hta	Get hash	malicious	Unknown	Browse
	https://mega.nz/file/1uN3EaxZ#CUbFeX5nzgfkR0qb6Ucg8nGbIFqE9cmqjhfatbJqPpk	Get hash	malicious	HTMLPhisher	Browse
	vm.dll	Get hash	malicious	CobaltStrike	Browse
	W2_AND_1095_PDF.jar	Get hash	malicious	Unknown	Browse
	https://Chem.microsoft@cloudflare-ipfs.com/ipfs/bafkreif2klim7glbgcsrfe6lm7wfd2scwmhee5i6dglyggzgvjgl53zw2i/#ZGFuaWVsLmNhcmRhb0BjaGVtLmx1	Get hash	malicious	Unknown	Browse
	https://carenetworkservices-my.sharepoint.com/:b:/g/personal/dburgess_ashlandhc_com/Ec-Zq4_m5URLoTCU-KGg_KMB9z03_-668TZH2YT4tEDNrg?e=oADOv8	Get hash	malicious	Unknown	Browse
	UpdaterTag.dll	Get hash	malicious	Unknown	Browse
	ZoominstallerFull.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse
	YmXa44bW67.exe	Get hash	malicious	Unknown	Browse
23.216.73.151	wsf.zip	Get hash	malicious	Remcos	Browse
	file.zip	Get hash	malicious	Unknown	Browse
	phish_alert_iocp_v1.4.48 (5).eml	Get hash	malicious	HTMLPhisher	Browse
	phish_alert_iocp_v1.4.48.eml	Get hash	malicious	HTMLPhisher	Browse
	BorradorRenta.xlsm	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	nsis-installer.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	nsis-installer.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	file.exe	Get hash	malicious	Clipboard Hijacker, RisePro Stealer	Browse	34.117.186.192
	SecuriteInfo.com.FileRepMalware.18165.2747.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.FileRepMalware.18165.2747.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	7AdIyN5s2K.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	file.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	file.exe	Get hash	malicious	Clipboard Hijacker, RisePro Stealer	Browse	34.117.186.192
	YUoiqJo8Sk.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	JR58WqLhRl.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
AMAZON-02US	http://139.144.214.53/5nXpDw325kdXA19thlgqqvurf31CSRUYYRTWNTDQNU30935IYSS28p9	Get hash	malicious	Phisher	Browse	3.163.101.110
	https://casestudybuddy.com	Get hash	malicious	Unknown	Browse	52.17.217.12
	n7h2Ze4ezf.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	bUAZ.exe	Get hash	malicious	Remcos	Browse	54.94.248.37
	https://bestohiomortgagerate.com/dream/mer/7/nobody@nobody.org	Get hash	malicious	HTMLPhisher	Browse	108.156.152.4
	https://fmcompan.pages.dev/	Get hash	malicious	PayPal Phisher	Browse	76.223.87.32
	SecuriteInfo.com.Trojan.Generic.35702255.16709.9631.msi	Get hash	malicious	Hidden Macro 4.0	Browse	3.141.55.131
	SecuriteInfo.com.Trojan.Generic.35702255.16709.9631.msi	Get hash	malicious	Hidden Macro 4.0	Browse	3.141.55.131
	https://ph2-cc-pages.s3.ap-southeast-2.amazonaws.com/microsoft-include-password-field/index.html	Get hash	malicious	Unknown	Browse	52.95.131.26
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	nsis-installer.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	nsis-installer.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	file.exe	Get hash	malicious	Clipboard Hijacker, RisePro Stealer	Browse	34.117.186.192
	SecuriteInfo.com.FileRepMalware.18165.2747.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.FileRepMalware.18165.2747.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	7AdIyN5s2K.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	file.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	file.exe	Get hash	malicious	Clipboard Hijacker, RisePro Stealer	Browse	34.117.186.192
	YUoiqJo8Sk.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	JR58WqLhRl.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
AMAZON-02US	http://139.144.214.53/5nXpDw325kdXA19thlgqqvurf31CSRUYYRTWNTDQNU30935IYSS28p9	Get hash	malicious	Phisher	Browse	3.163.101.110
	https://casestudybuddy.com	Get hash	malicious	Unknown	Browse	52.17.217.12
	n7h2Ze4ezf.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	bUAZ.exe	Get hash	malicious	Remcos	Browse	54.94.248.37
	https://bestohiomortgagerate.com/dream/mer/7/nobody@nobody.org	Get hash	malicious	HTMLPhisher	Browse	108.156.152.4
	https://fmcompan.pages.dev/	Get hash	malicious	PayPal Phisher	Browse	76.223.87.32
	SecuriteInfo.com.Trojan.Generic.35702255.16709.9631.msi	Get hash	malicious	Hidden Macro 4.0	Browse	3.141.55.131
	SecuriteInfo.com.Trojan.Generic.35702255.16709.9631.msi	Get hash	malicious	Hidden Macro 4.0	Browse	3.141.55.131
	https://ph2-cc-pages.s3.ap-southeast-2.amazonaws.com/microsoft-include-password-field/index.html	Get hash	malicious	Unknown	Browse	52.95.131.26
AMAZON-AESUS	http://139.144.214.53/5nXpDw325kdXA19thlgqqvurf31CSRUYYRTWNTDQNU30935IYSS28p9	Get hash	malicious	Phisher	Browse	35.153.110.80
	https://theredhendc.com	Get hash	malicious	Unknown	Browse	52.71.238.51
	https://telegra.ph/Stephen-M-Hickey-04-10	Get hash	malicious	HTMLPhisher	Browse	35.170.12.36
	https://hatdotgov.freewebhostmost.com/	Get hash	malicious	TechSupportScam	Browse	100.24.193.230
	https://webex-install.com	Get hash	malicious	NetSupport RAT	Browse	3.226.143.241
	You have a newly assigned document from Frey Navarro P.L.L.C. .msg	Get hash	malicious	HTMLPhisher	Browse	54.221.7.233
	AdobeAcrobat2.1.2.msi	Get hash	malicious	AteraAgent	Browse	54.175.191.205
	RES094464-2180.ppam	Get hash	malicious	RevengeRAT	Browse	54.91.135.60
	http://live-uoe-edweb.pantheonsite.io	Get hash	malicious	Unknown	Browse	54.237.92.187
	https://www.dropbox.com/l/AABrfWjSV514IDLhR60LLT60TO4apO7UVoY/privacy#privacy	Get hash	malicious	Unknown	Browse	75.101.128.186

Process:	C:\Users\user\Desktop\MBSetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6
Entropy (8bit):	2.2516291673878226
Encrypted:	false
SSDEEP:	3:Hy:Hy
MD5:	9F06243ABCB89C70E0C331C61D871FA7
SHA1:	FDE773A18BB29F5ED65E6F0A7AA717FD1FA485D4
SHA-256:	837CCB607E312B170FAC7383D7CCFD61FA5072793F19A25E75FBACB56539B86B
SHA-512:	B947B99D1BADDD347550C9032E9AB60B6BE56551CF92C076B38E4E11F436051A4AF51C47E54F8641316A720B043641A3B3C1E1B01BA50445EA1BA60BFD1B7A86
Malicious:	false
Preview:	test..

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3073617318402726
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr8:KooCEYhgYEL0In
MD5:	8F9F8EBF4AFDD9197AE8ECC81D2EAE98
SHA1:	F48C783CAE8DB303D346E1813175ED269C168C7F
SHA-256:	151CEBF28957196C15D8682991A97DA0BEAE3EA8792C36309C490A3FC46D921C
SHA-512:	986BED56E3CC13BE15EFCFD08AE480F3F5131396FF4C96C3B675F2DD6E8A3C02DE309FFD28FB7436CBB1D0BE5B53CACD50240879FCF135BBBEF286A56FA79179
Malicious:	false
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	1906
Entropy (8bit):	5.5538908997445064
Encrypted:	false
SSDEEP:	48:FjfmAP/5H7cXq7lthzHU/lltFDmDQB7581EjEkD:Fj+AnlAXq7ltZHUxp/qeEkD
MD5:	5D1917024B228EFBEAB3C696E663873E
SHA1:	CEC5E88C2481D323EC366C18024D61A117F01B21
SHA-256:	4A350FC20834A579C5A58352B7A3AA02A454ABBBD9EECD3CD6D2A14864A49CD8
SHA-512:	14B345F03284B8C1D97219E3DD1A3910C1E453F93F51753F417E643F50922E55C0E23AAB1D437300E6C196C7017D7B7538DE4850DF74B3599E90F3941B40AB4A
Malicious:	false
Preview:	;..; Copyright (C) 2020 Malwarebytes. All Rights Reserved.....[Version]..Signature = "$Windows NT$"..Class = Net..ClassGUID = {4D36E972-E325-11CE-BFC1-08002BE10318}..Provider = %MBTun.CompanyName%..DriverVer = 09/03/2020, 1.0.0.0..CatalogFile.NT = mbtun.cat..CatalogFile = mbtun.cat....[Manufacturer]..%MBTun.CompanyName% = %MBTun.Name%, NTamd64....[SourceDisksNames]..1 = %MBTun.DiskDesc%, "", ,....[SourceDisksFiles]..mbtun.sys = 1....[DestinationDirs]..DefaultDestDir = 12..MBTun.CopyFiles.Sys = 12....[MBTun.CopyFiles.Sys]..mbtun.sys, , , 0x00004002 ; COPYFLG_IN_USE_RENAME \| COPYFLG_NOSKIP....[MBTun.NTamd64]..%MBTun.DeviceDesc% = MBTun.Install, mbtun....[MBTun.Install]..Characteristics = 0x1 ; NCF_VIRTUAL..AddReg = MBTun.Ndi..CopyFiles = MBTun.CopyFiles.Sys..IfType = 53 ; IF_TYPE_PROP_VIRTUAL..MediaType = 19 ; NdisMediumIP..*PhysicalMediaType = 0 ; NdisPhysicalMediumUnspecified..EnableDhcp = 0 ; Disable DHCP....[MBTun.Install.Services]..AddService = mbtun, 2, MBTun.Service, MBTun.Event

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.0522420857261565
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	MBSetup.exe
File size:	2'589'624 bytes
MD5:	b6d8b7e6f74196f62caba2ca77a7ae91
SHA1:	6ac9c99f084b5772440e2f135b8d5365f7f45314
SHA256:	74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
SHA512:	ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044
SSDEEP:	49152:/5wZat2ranBQjvaq/Gtl8StQyfvE0Z3R0nxiIq2ddBzOnX:/5wZauUBQjvL0SKtQRq2cnX
TLSH:	24C58D21B2D14124E5B3D631297DB7EB4A76BC256F35418F32D8B63C0B72AC09D36B26
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Lo.."<.."<.."<..!=.."<..'=[."<..!=.."<..&=.."<..'=l."<..&=.."<..$=.."<..#=.."<..#< ."<H.+=.."<H..<.."<...<.."<H. =.."<Rich.."

Entrypoint:	0x46ee6e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x65F9D006 [Tue Mar 19 17:48:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	63ccd71a76a39a85385ce6d1810f26c1

Signature Valid:	true
Signature Issuer:	CN=Sectigo RSA Code Signing CA 2, O=Sectigo Limited, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	23/03/2022 00:00:00 16/03/2025 23:59:59
Subject Chain	CN=Malwarebytes Inc., O=Malwarebytes Inc., S=California, C=US
Version:	3
Thumbprint MD5:	ECA3BD5C57433237AA1CE99AD78E0A95
Thumbprint SHA-1:	0A5E143F869DA652384B3EC6E735F6A7D9ADCD41
Thumbprint SHA-256:	DBD30BD9BD76C363B669665083A37B462F3F71F5DB2AB069965F9C7BECEF87D9
Serial:	00A657F778B31AE523D667131718D16EB2

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe4e84	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xec000	0x1790e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x26ca00	0xb9b8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x266000	0xaa60	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xd4ca0	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xd4d10	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xbcc98	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xb9000	0x2ec	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xe34d4	0x1a0	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb7176	0xb7200	0bcd0b63a788c5045bafe1a702069ac3	False	0.4951738481228669	data	6.591464716657871	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xb9000	0x2cfd8	0x2d000	abc5fe1d45f9a7de85a94cb431abc237	False	0.3821940104166667	data	5.051474947374988	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe6000	0x5bdc	0x4600	3d0a1c376e9427186aae54ffd515142d	False	0.21964285714285714	DOS executable (block device driver pyright)	4.695809721090909	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xec000	0x1790e0	0x179200	89fd5a692f5e405dbb1ec8adb3fbd385	False	0.602910331040769	data	7.129603492160749	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x266000	0xaa60	0xac00	fbabbe59a77eae86d1bb46d0e27e3cad	False	0.6624727470930233	data	6.680862239273161	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

DLL	Import
KERNEL32.dll	LeaveCriticalSection, RaiseException, EnterCriticalSection, GetLastError, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, GetModuleFileNameW, InitializeCriticalSectionEx, DeleteCriticalSection, IsWow64Process, GetCurrentProcess, VerifyVersionInfoW, VerSetConditionMask, GetSystemDirectoryW, CreateFileW, DeviceIoControl, CloseHandle, GetCurrentThreadId, SetLastError, Sleep, DeleteFileW, GlobalFree, LockResource, FindResourceExW, LocalFree, FormatMessageW, LocalAlloc, CallNamedPipeW, GetWindowsDirectoryW, SetCurrentDirectoryW, GetCommandLineW, lstrcmpiW, CreateMutexW, GetNativeSystemInfo, GetDiskFreeSpaceExW, FindFirstFileW, FindClose, CreateProcessW, FindNextFileW, WideCharToMultiByte, GlobalAlloc, GlobalLock, SetThreadUILanguage, LoadLibraryW, CreateDirectoryW, GetLogicalDrives, GetTempPathW, MoveFileExW, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, OpenProcess, ResumeThread, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, K32GetModuleFileNameExW, GetCurrentDirectoryW, GetCurrentProcessId, GetModuleFileNameA, OutputDebugStringW, SetEndOfFile, WriteConsoleW, SetStdHandle, GetProcAddress, GetModuleHandleW, FreeLibrary, GetProcessHeap, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, HeapDestroy, DecodePointer, MulDiv, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, GetTimeZoneInformation, ReadConsoleW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, FindFirstFileExW, GetFileAttributesW, GetFileAttributesExW, GetFileInformationByHandle, RemoveDirectoryW, AreFileApisANSI, CopyFileW, DuplicateHandle, WaitForSingleObjectEx, SwitchToThread, GetCurrentThread, QueryPerformanceCounter, TryEnterCriticalSection, EncodePointer, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, SetEvent, ResetEvent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, CreateTimerQueue, SignalObjectAndWait, CreateThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, GetThreadTimes, FreeLibraryAndExitThread, GetModuleHandleA, GetVersionExW, ReleaseSemaphore, InterlockedFlushSList, QueryDepthSList, UnregisterWaitEx, RtlUnwind, ExitProcess, GetModuleHandleExW, GetCommandLineA, ExitThread, GetStdHandle, WriteFile, GetFileType, FlushFileBuffers, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, GetFileSizeEx, GetDateFormatW
dwmapi.dll	DwmGetWindowAttribute
CRYPT32.dll	CryptMsgClose, CertCloseStore, CertFreeCertificateContext, CertGetNameStringW, CertFindCertificateInStore, CryptMsgGetParam, CryptQueryObject
RPCRT4.dll	UuidToStringW, RpcStringFreeW, UuidCreate

Language of compilation system	Country where language is spoken	Map
English	United States
Russian	Russia
German	Germany
French	France
Italian	Italy
Dutch	Netherlands
Polish	Poland
Portuguese	Brazil
Portuguese	Portugal

Target ID:	0
Start time:	09:13:58
Start date:	17/04/2024
Path:	C:\Users\user\Desktop\MBSetup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\MBSetup.exe"
Imagebase:	0x750000
File size:	2'589'624 bytes
MD5 hash:	B6D8B7E6F74196F62CABA2CA77A7AE91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	09:14:17
Start date:	17/04/2024
Path:	C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
Imagebase:	0x7ff783900000
File size:	10'102'920 bytes
MD5 hash:	CC91FBC5E424154388AFBE808DE25FF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Target ID:	5
Start time:	09:15:01
Start date:	17/04/2024
Path:	C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
Imagebase:	0x7ff7514b0000
File size:	3'073'888 bytes
MD5 hash:	46F875F1FE3D6063B390E3A170C90E50
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	7
Start time:	09:15:15
Start date:	17/04/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	9
Start time:	09:15:17
Start date:	17/04/2024
Path:	C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
Imagebase:	0x7ff7e2100000
File size:	8'884'840 bytes
MD5 hash:	B9251F9808C8ADE391E452F12F87E20D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	10
Start time:	09:15:18
Start date:	17/04/2024
Path:	C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
Imagebase:	0x7ff7e2100000
File size:	8'884'840 bytes
MD5 hash:	B9251F9808C8ADE391E452F12F87E20D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	14
Start time:	09:15:34
Start date:	17/04/2024
Path:	C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Imagebase:	0x7ff767090000
File size:	295'928 bytes
MD5 hash:	F78BA9ED5C75BA595C2C73483C06EB06
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	15
Start time:	09:15:35
Start date:	17/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	18
Start time:	09:15:36
Start date:	17/04/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\user\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	21
Start time:	09:15:37
Start date:	17/04/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MBSetup.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Cryptography

Privilege Escalation

Bitcoin Miner

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\mbamtestfile.dat

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (copy)

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys

C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe

C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe:Zone.Identifier

Windows Analysis Report
MBSetup.exe

Target ID:	23
Start time:	09:15:44
Start date:	17/04/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1484 -parentBuildID 20230927232528 -prefsHandle 1172 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e93150-a637-4ba5-a6bb-da042e33bf31} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 13b0a834310 rdd
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre