Collect an in-memory dump file with Malwarebytes for Windows v3

Document created by jyamada Employee on May 17, 2017Last modified by jgolomb on Nov 25, 2019
Version 9Show Document
  • View in full screen mode

Working with our technical specialists you may need to run some tools and get some files. One such file is an In-Memory Dump file. This file is used to see what was happening at the time of a critical error. This article will show you how to collect this file to make it available for your to send to the Technical Support Specialist you are working with. 


Collect an in-memory dump file

  1. Open Malwarebytes and go to Settings > Protection.

  2. Turn off Self-Protection.

  3. Download Process Explorer executable (procexp.exe) from Sysinternal.
    Note:  For more information on Process Explorer, go to Process Explorer - Wikipedia.

  4. Run procexp.exe.

  5. Click on File > Show Processes for All Users.

  6. Choose Yes on the UAC prompt.

  7. Start a scan with Malwarebytes.

  8. When the scan becomes stuck, wait 5-10 minutes.

  9. With the scan still stuck, go back to Process Explorer and look for MBAMSeverice.exe in the list.

  10. Right click on MBAMService.exe and choose Create Dump > Create Full Dump

  11. Save the file to your Desktop.
    Note: The dump file may be very large. It may take awhile to save to your Desktop. Wait about 30 seconds before closing Process Explorer.


Once the file is saved, follow the Agent's instructions on how to send it to the Agent.