Analysis Overview
SHA256: 4205b5eddc13a65524ad26863ce048ca67ea2cca3bae20ddcc73d7cce926f8c7
Threat Level: Known bad
The file Valyse Launcher.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Suspicious use of NtCreateUserProcessOtherParentProcess
Bazar/Team9 Backdoor payload
Modifies RDP port number used by Windows
Sets service image path in registry
Sets file execution options in registry
Drops file in Drivers directory
Downloads MZ/PE file
Reads user/profile data of web browsers
Checks computer location settings
Loads dropped DLL
Checks BIOS information in registry
Registers COM server for autorun
Executes dropped EXE
Checks installed software on the system
Adds Run key to start application
Enumerates connected drives
AutoIT Executable
Checks system information in the registry
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Suspicious behavior: MapViewOfSection
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Enumerates system info in registry
Enumerates processes with tasklist
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported: 2023-04-07 20:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-04-07 20:19
Reported: 2023-04-07 20:39
Platform: win10-20230220-en
Max time kernel: 956s
Max time network: 958s
Command Line
Signatures
BazarBackdoor
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1400 created 3176 | N/A | C:\Users\Admin\Downloads\MBSetup-01908E66.exe | C:\Windows\Explorer.EXE |
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup-01908E66.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET3EB0.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET37E9.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET3EB0.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET4C2F.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET4C7E.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET37E9.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET4C2F.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET4C7E.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Sets file execution options in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\MicrosoftEdgeUpdate.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMChameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup-01908E66.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup-01908E66.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MBSetup-01908E66.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.173.45\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Checks installed software on the system
Enumerates connected drives
AutoIT Executable
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\BasicTableView.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\ToolTip.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Slider.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\msedgeupdateres_nb.dll | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.63\msedge.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-synch-l1-2-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\CircularTickmarkLabelStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\ScrollViewStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\MenuSeparator.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\msedgeupdateres_et.dll | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Locales\fi.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\onnxruntime.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbcut.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\edge_feedback\mf_trace.wprp | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Locales\en-US.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.63\Locales\sr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\SliderGroove.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\pwahelper.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckDelegate.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Popup.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\plugins.qmltypes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Locales\is.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\[email protected] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\StatusBarStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Drawer.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\SpinBox.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Locales\pt-PT.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SecurityProductInformation.ini | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Trust Protection Lists\Mu\Entities | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Trust Protection Lists\Mu\Social | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.63\Trust Protection Lists\Sigma\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.63\Trust Protection Lists\Mu\TransparentAdvertisers | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ModalPopupBehavior.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Label.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\PageIndicator.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\EdgeWebView.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_da.qm | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\StatusIndicatorStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\TableViewStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\ProgressBarStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\CheckIndicator.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\ToolSeparator.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\EdgeUpdate.dat | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.63\telclient.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmldir | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\BasicTableViewStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\OfflineManifest.gup | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Frame.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\MenuBarItem.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\msedgeupdateres_kn.dll | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Locales\sv.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.63\Locales\nb.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\FastGlow.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\XmlListModel\qmldir | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\msedgeupdateres_da.dll | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source1716_1712507170\110.0.1587.63\Notifications\SoftLandingAssetDark.gif | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\SwipeView.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
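The table above mixes three writers into Program Files: the Malwarebytes installer service, the EdgeUpdate `setup.exe`, and `webview.exe` launched from the analyst's Desktop. The added Python below (example code, not part of the sandbox report) parses rows in this table format and flags any process whose own image lives outside the usual install roots yet creates files under Program Files. The sample rows are copied from the table above and embedded inline; the trusted-root list is a location heuristic chosen for the example, not a signature check, so a hit is a lead to verify (for instance against the file's Authenticode signature), not a verdict.

```python
"""Triage 'File created' sandbox rows: who writes into Program Files, and from where?"""
from collections import defaultdict

# Rows copied from the report table above; constructed inline so the example runs
# offline. Columns: Description | Indicator (path written) | Process | Target
SAMPLE_ROWS = r"""
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\msedgeupdateres_nb.dll | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\EdgeUpdate.dat | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\OfflineManifest.gup | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.63\msedge.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
"""

# Image-path roots from which installers and services are expected to run.
# Heuristic assumption for this example only; it does not replace a signature check.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
PROGRAM_FILES_ROOTS = TRUSTED_ROOTS[:2]


def parse_rows(text):
    """Turn pipe-delimited indicator rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        rows.append(dict(zip(("description", "indicator", "process", "target"), cells)))
    return rows


def under(path, roots):
    """Case-insensitive prefix test: NTFS paths are case-insensitive (note the ig-4.exe row)."""
    return path.lower().startswith(roots)


def drops_by_process(rows):
    """Count 'File created' events per writing process image."""
    counts = defaultdict(int)
    for r in rows:
        if r["description"] == "File created":
            counts[r["process"]] += 1
    return dict(counts)


def flag_unexpected_droppers(rows):
    """Processes running outside TRUSTED_ROOTS that create files under Program Files.

    Returns {process_image: sorted list of created paths}. Installers that themselves
    run from Program Files (MBAMInstallerService.exe, the EdgeUpdate setup.exe) are not
    flagged; a binary run from a user's Desktop that writes into Microsoft's tree under
    Program Files (x86) is the lead an analyst checks first.
    """
    hits = defaultdict(list)
    for r in rows:
        if r["description"] != "File created":
            continue
        if under(r["indicator"], PROGRAM_FILES_ROOTS) and not under(r["process"], TRUSTED_ROOTS):
            hits[r["process"]].append(r["indicator"])
    return {proc: sorted(paths) for proc, paths in hits.items()}


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for proc, n in sorted(drops_by_process(rows).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {proc}")
    for proc, paths in flag_unexpected_droppers(rows).items():
        print(f"\nFLAG {proc}")
        for p in paths:
            print("    ->", p)
```

On the sample rows only the Desktop `webview.exe` is flagged. The file names it writes (`msedgeupdateres_*.dll`, `EdgeUpdate.dat`, `OfflineManifest.gup`) look like an Edge/WebView2 update package, so the right next step is to confirm the binary's signer and hash rather than treat the location alone as proof of anything.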
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ELAMBKUP\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\bin\Valyse.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\Valyse Launcher.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%systemroot%\system32\wsdapi.dll,-200 = "Trusted Devices" | C:\Windows\system32\certutil.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\SessEnv.dll,-101 = "Remote Desktop" | C:\Windows\system32\certutil.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\certutil.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
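Two things in the HKEY_USERS table are easy to miss when reading raw rows. First, the hive a key sits under tells you the security context of the writer: `.DEFAULT` is the profile hive LocalSystem sees as HKCU, `S-1-5-19` is LOCAL SERVICE and `S-1-5-20` is NETWORK SERVICE, so every process writing there is running as a service, not as the logged-on user. Second, `Set value (data)` rows such as `LanguageList` are dumped as hex; that one is a REG_MULTI_SZ that decodes to `en-US` and `en`. The added Python below (example code, not from the report) groups writers by hive and decodes the hex blobs. The sample rows are copied from the table above; the hive labels and the `describe_hive` wording are the example's own.

```python
"""Group HKEY_USERS sandbox rows by hive and decode REG_MULTI_SZ hex values."""
import re
from collections import defaultdict

# Rows copied from the report table above; constructed inline so the example runs offline.
SAMPLE_ROWS = r"""
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\SessEnv.dll,-101 = "Remote Desktop" | C:\Windows\system32\certutil.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\certutil.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
"""

# Hives under \REGISTRY\USER that belong to built-in accounts. A process writing here
# runs in a service/system context rather than as the interactive user.
WELL_KNOWN_HIVES = {
    ".DEFAULT": "default profile hive (seen as HKCU by LocalSystem)",
    "S-1-5-19": "LOCAL SERVICE",
    "S-1-5-20": "NETWORK SERVICE",
}
HEX_BLOB = re.compile(r"^(?:[0-9a-fA-F]{2})+$")


def parse_rows(text):
    """Split pipe-delimited rows and separate 'key = value' in the indicator column."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        desc, indicator, process, target = cells
        key, _, value = indicator.partition(" = ")
        rows.append({"description": desc, "key": key, "value": value or None,
                     "process": process, "target": target})
    return rows


def hive_of(key):
    """Return the hive component of a \\REGISTRY\\USER\\<hive>\\... key, or None."""
    parts = key.split("\\")
    return parts[3] if len(parts) > 3 and parts[1:3] == ["REGISTRY", "USER"] else None


def describe_hive(hive):
    """Human label for a hive: well-known service SIDs, or a user account by RID."""
    if hive in WELL_KNOWN_HIVES:
        return WELL_KNOWN_HIVES[hive]
    if hive.startswith("S-1-5-21-"):
        return f"domain/local user account (RID {hive.rsplit('-', 1)[1]})"
    return "unrecognised hive"


def writers_by_hive(rows):
    """Map each HKU hive to the set of process images that touched it."""
    out = defaultdict(set)
    for r in rows:
        hive = hive_of(r["key"])
        if hive:
            out[hive].add(r["process"])
    return dict(out)


def decode_multi_sz(hex_data):
    """REG_MULTI_SZ as dumped by the sandbox: UTF-16LE, NUL between strings, double NUL at end."""
    text = bytes.fromhex(hex_data).decode("utf-16-le")
    return [s for s in text.split("\x00") if s]


def decoded_data_values(rows):
    """Decode every 'Set value (data)' row whose value is a hex blob; None if not UTF-16 text."""
    found = []
    for r in rows:
        if r["description"] == "Set value (data)" and r["value"] and HEX_BLOB.match(r["value"]):
            try:
                found.append((r["key"], decode_multi_sz(r["value"])))
            except UnicodeDecodeError:
                found.append((r["key"], None))
    return found


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for hive, procs in sorted(writers_by_hive(rows).items()):
        print(f"{hive:10s} {describe_hive(hive)}")
        for p in sorted(procs):
            print("    ", p)
    for key, strings in decoded_data_values(rows):
        print("\n", key.rsplit("\\", 1)[1], "=", strings)
```

Grouping by hive turns a long list of registry rows into a short statement: on the sample rows, `MBAMInstallerService.exe`, `MBAMService.exe` and `certutil.exe` all write into service-account hives, which is consistent with them running as services. The decoder is only meaningful for `REG_MULTI_SZ`/`REG_SZ` blobs; a genuinely binary value will either fail UTF-16 decoding (reported as `None`) or decode to nonsense, so treat the output as a hint about type, not as proof.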
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}\1.0\HELPDIR | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{778103CC-4FA4-42AC-8981-D6F11ACC6B7F}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{956AEAEB-8EA2-4BE1-AAD0-3BE4C986A1CC}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}\1.0\0\win64\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\\14" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.RTPController.1\CLSID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6655E528-3168-47A4-BF82-A71E9E6AB5F7} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2650A9C4-A53C-4BEF-B766-7405B4D5562B} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63A6AB57-4679-4529-B78D-143547B22799} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{82AA83E1-EC24-4908-90E5-FAA212B30200}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}\1.0\HELPDIR | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADCD8BEB-8924-4876-AE14-2438FF14FA17}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A0A45F1-CFB6-49A7-BBC4-8776F94857A8}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0\0\win64 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F81B1882-A388-42E5-9351-05C858E52DDC} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C5201562-332D-4385-87E7-2BB41B1694AA} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{96C7187E-6EC4-49BD-88C7-04A3A8A97CC5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0468FE5A-FFDA-4F57-83F5-79116160E9B8}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B59F38D8-23CF-4D7F-BAE8-939738B3001B}\ = "IAEControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CE94D34-A1E4-4FA8-BEDC-6A32683B85F5}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6}\TypeLib\ = "{EEC295FA-EC51-4055-BC47-022FC0FC122F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{106E3995-72F9-458A-A317-9AFF9E45A1F0} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A0A45F1-CFB6-49A7-BBC4-8776F94857A8}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{748A86D4-7EDF-41EF-A1EF-9582643B1C9F}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90A62FAD-6FA9-4454-8CEE-7EDF67437226}\ = "IScannerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{25321640-5EF1-4095-A0DA-30DE19699441} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AC94F2-D545-438F-9156-C231B7D94A56}\ = "ILicenseControllerV10" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6357A98F-CE03-4C67-9410-00907FB21BC7}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99E6F3FE-333C-462C-8C39-BC27DCA4A80E} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A173904-D20F-4872-93D5-CBC1336AE0D6}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CE94D34-A1E4-4FA8-BEDC-6A32683B85F5}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt\ = "MBAMShlExt Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3B24818-1CC9-4825-96A9-1DB596E079C8}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18C5830A-FF78-4172-9DFB-E4016D1C1F31} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79CAE9D0-99AA-4FEB-B6B1-1AC1A2D8F874}\ = "IUpdateControllerV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C4652FC-FA35-4394-A133-F68409776465} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\VersionIndependentProgID\ = "MB.LicenseController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F49090F8-7DC6-4CBC-893A-C1B3DCF88D87}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0D8223D-D594-4147-BAD8-1E2B54ED1990}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BE43CF28-943E-4BA2-9B74-00CC57E7B1FC}\ = "PSFactoryBuffer" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68E3012A-E3EC-4D66-9132-4E412F487165}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C4652FC-FA35-4394-A133-F68409776465}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\Valyse Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Valyse Launcher.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8bce49758,0x7ff8bce49768,0x7ff8bce49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2016 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1732,i,5099182467607092422,2607609778359808592,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8bce49758,0x7ff8bce49768,0x7ff8bce49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7cde77688,0x7ff7cde77698,0x7ff7cde776a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3672 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4548 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4328 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4468 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4648 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4596 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4372 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5408 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2876 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5204 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5484 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3168 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5768 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1872,i,12943256427764597870,8992572555058941688,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\Valyse Launcher.exe
"C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\Valyse Launcher.exe"
C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe
"C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\webview.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU23B1.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUEzRThBNDctRUY0OS00NUIzLTkxMzktRDlGRUQxODRGMkZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswMEY0MzU3MS01OTNDLTREQzQtOTc2NC1GNEMxODhGRUI0MEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTczLjQ1IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MjQ2NDM0MjMwIiBpbnN0YWxsX3RpbWVfbXM9IjE1MjQiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{5A3E8A47-EF49-45B3-9139-D9FED184F2FB}" /silent /offlinedir "{A0CE7579-91BB-443D-9D01-99F61F21F758}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzI1NjQzNDk2MiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\MicrosoftEdgeWebview_X86_110.0.1587.63.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\MicrosoftEdgeWebview_X86_110.0.1587.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\EDGEMITMP_80410.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4272B6E2-761F-4F11-AA79-3669F7CFF097}\MicrosoftEdgeWebview_X86_110.0.1587.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1716" "936" "912" "932" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "712" "688" "644" "640" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMTAuMC4xNTg3LjYzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mjg1OTY1Mzk3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-[…]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjYiIGVycm9yY29kZT0iODciIGV4dHJhY29kZTE9IjEwNzQ3OTA0MDAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwNDU4MjE4NDIiIGRvd25sb2FkZWQ9IjEyOTA4Mjg0MCIgdG90YWw9IjEyOTA4Mjg0MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNzI0MjMiLz48L2FwcD48L3JlcXVlc3Q-
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1820" "896" "872" "892" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "388" "544" "1136" "548" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /unregserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.173.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\bin\Valyse.exe
"C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\bin\Valyse.exe" launcher-type-valyse
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 3188
C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\Valyse Launcher.exe
"C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\Valyse Launcher.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 2416
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8bce49758,0x7ff8bce49768,0x7ff8bce49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4528 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3664 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4656 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5204 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 --field-trial-handle=1804,i,13631234028806449058,16307935786015202385,131072 /prefetch:8
C:\Users\Admin\Downloads\MBSetup-01908E66.exe
"C:\Users\Admin\Downloads\MBSetup-01908E66.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Windows\system32\certutil.exe
"C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTempd1aee1eed59411edb55076a232a3e020\servicepkg\starfieldrootcag2_new.crt"
C:\Windows\system32\certutil.exe
"C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTempd1aee1eed59411edb55076a232a3e020\servicepkg\msrootca2020.crt"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe
ig.exe reseed
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-1.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-6.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-7.exe
ig.exe reseed
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\Downloads\MB-SupportTool.exe
C:\Users\Admin\Downloads\MB-SupportTool.exe ""
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
C:\Users\Admin\AppData\Local\Temp\7zSEC83.tmp\mbstub.exe
.\mbstub.exe ""
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3af0055 /state1:0x41c64e6d
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status off true /updatesubstatus none /scansubstatus recommended /settingssubstatus none
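Two things a reviewer does with a process list like the one above: map each sandbox signature to the command line that actually produced it (here, "Enumerates processes with tasklist" is the cmd.exe → tasklist pair that follows the second Valyse Launcher.exe start, and "Modifies system certificate store" is certutil -addstore root run from the Malwarebytes installer's temp directory, not the sample), and decode any opaque argument. The MicrosoftEdgeUpdate.exe /ping argument is Omaha's request XML in URL-safe base64 without padding. The script below is an added example, not part of the report or of any tool it names: PROCESS_LIST is a constructed subset of the (image, command line) pairs listed above, the rule labels reuse the report's own signature names, and the /ping payload is copied verbatim from the MicrosoftEdgeUpdate.exe entry. The stray trailing "-" on the captured payload is handled by retrying with trailing "-"/"=" stripped and only accepting a result that parses as a <request> element.

```python
"""Triage of a sandbox process list. Added example, not part of the report:
PROCESS_LIST is a constructed subset of the report's entries, the rule labels
reuse the report's signature names, and PING_PAYLOAD is the /ping argument
copied from the MicrosoftEdgeUpdate.exe command line."""
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# MicrosoftEdgeUpdate.exe /ping argument exactly as captured in the report.
PING_PAYLOAD = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzMuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzMuNDUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUEzRThBNDctRUY0OS00NUIzLTkxMzktRDlGRUQxODRGMkZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswMEY0MzU3MS01OTNDLTREQzQtOTc2NC1GNEMxODhGRUI0MEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTczLjQ1IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MjQ2NDM0MjMwIiBpbnN0YWxsX3RpbWVfbXM9IjE1MjQiLz48L2FwcD48L3JlcXVlc3Q-"

# Constructed subset of the report's (image path, command line) pairs.
PROCESS_LIST = [
    (r"C:\Windows\System32\rundll32.exe",
     r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"),
    (r"C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\Valyse Launcher.exe",
     r'"C:\Users\Admin\Desktop\ValyseOfficialRelease1.4.1-b.2\Valyse Launcher.exe"'),
    (r"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe",
     r'"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping ' + PING_PAYLOAD),
    (r"C:\Windows\system32\cmd.exe", r'"C:\Windows\system32\cmd.exe"'),
    (r"C:\Windows\system32\tasklist.exe", "tasklist"),
    (r"C:\Windows\system32\certutil.exe",
     r'"C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTempd1aee1eed59411edb55076a232a3e020\servicepkg\msrootca2020.crt"'),
]

# (label: the report signature the command line accounts for, pattern over the
#  lower-cased command line). The rundll32 label is our own wording.
RULES = [
    ("Enumerates processes with tasklist", re.compile(r"\btasklist\b")),
    ("Modifies system certificate store", re.compile(r"certutil.*-addstore\s+root")),
    ("COM local server hosted by rundll32 (check the CLSID)",
     re.compile(r"rundll32.*shcreatelocalserverrundll")),
]


def flag_command_lines(entries):
    """Return (label, image, command line) for every entry that matches a rule."""
    hits = []
    for image, cmdline in entries:
        low = cmdline.lower()
        hits.extend((label, image, cmdline) for label, rx in RULES if rx.search(low))
    return hits


def decode_omaha_ping(arg):
    """Decode an Omaha /ping argument (URL-safe base64, no '=' padding) to XML.

    The captured text may carry a stray trailing '-', so the value is tried
    as-is and then with trailing '-'/'=' removed; only a well-formed
    <request> document is accepted."""
    for candidate in (arg.strip(), arg.strip().rstrip("-=")):
        padded = candidate + "=" * (-len(candidate) % 4)
        try:
            root = ET.fromstring(base64.urlsafe_b64decode(padded))
        except (binascii.Error, ValueError, ET.ParseError):
            continue
        if root.tag == "request":
            return root
    raise ValueError("not an Omaha ping payload")


def summarize_ping(arg):
    """Pull the fields an analyst cares about out of a decoded ping."""
    root = decode_omaha_ping(arg)
    os_el, oem = root.find("os"), root.find("oem")
    return {
        "updater": root.get("updater"),
        "updaterversion": root.get("updaterversion"),
        "sessionid": root.get("sessionid"),
        "os_version": os_el.get("version") if os_el is not None else None,
        "oem_product_name": oem.get("product_name") if oem is not None else None,
        # one (appid, [(eventtype, eventresult), ...]) tuple per <app>
        "apps": [(app.get("appid"),
                  [(ev.get("eventtype"), ev.get("eventresult")) for ev in app.findall("event")])
                 for app in root.findall("app")],
    }


def find_pings(entries):
    """Decode every '/ping <payload>' argument present in the process list."""
    out = []
    for image, cmdline in entries:
        m = re.search(r"/ping\s+(\S+)", cmdline)
        if m:
            out.append((image, summarize_ping(m.group(1))))
    return out


if __name__ == "__main__":
    for label, image, _ in flag_command_lines(PROCESS_LIST):
        print(f"{label}: {image}")
    for image, summary in find_pings(PROCESS_LIST):
        print(image, summary)
```

The decoded ping is mundane Omaha telemetry for the EdgeUpdate app itself (appid {F3C4FE00-EFD5-403B-9569-398A20F1BA4A}, event type 2 with result 1, i.e. a successful install), but two fields are worth keeping: os version="10.0.15063.0" gives the guest build, and oem product_name="Standard PC (Q35 + ICH9, 2009)" is QEMU's Q35 machine description. That is the same hardware fingerprint a sample reads when the report says it "Checks BIOS information in registry", so it tells you what an evasion check in this sample would have seen.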
Network
| Country | Destination | Domain | Proto |
| DE | 162.19.139.184:2222 | | tcp |
| US | 13.89.179.10:443 | | tcp |
| US | 13.107.4.50:80 | | tcp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 172.217.168.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 206.168.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 251.0.0.224.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | valyse.net | udp |
| US | 172.67.195.18:443 | valyse.net | tcp |
| US | 172.67.195.18:443 | valyse.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 172.67.195.18:443 | valyse.net | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.6.185:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 18.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.6.18.104.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.18.6.185:443 | challenges.cloudflare.com | udp |
| US | 104.18.6.185:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | d2x0u7rtw4p89p.cloudfront.net | udp |
| NL | 13.227.211.151:443 | d2x0u7rtw4p89p.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 151.211.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | eallywasnothy.com | udp |
| US | 172.64.106.19:443 | pogothere.xyz | tcp |
| US | 172.64.106.19:443 | pogothere.xyz | tcp |
| US | 8.8.8.8:53 | saweatherco.com | udp |
| US | 8.8.8.8:53 | moderningvigil.org | udp |
| US | 172.67.216.254:443 | saweatherco.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 52.222.139.109:443 | eallywasnothy.com | tcp |
| US | 157.240.251.35:443 | www.facebook.com | tcp |
| NL | 52.222.139.110:443 | moderningvigil.org | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 189.211.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.106.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.216.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.251.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | tcp |
| US | 172.67.216.254:443 | saweatherco.com | udp |
| NL | 172.217.168.202:443 | jnn-pa.googleapis.com | tcp |
| NL | 172.217.168.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wildbearads.go2affise.com | udp |
| NL | 34.147.37.248:443 | wildbearads.go2affise.com | tcp |
| US | 8.8.8.8:53 | beargretakse.com | udp |
| NL | 188.72.236.34:443 | beargretakse.com | tcp |
| US | 8.8.8.8:53 | back-may.com | udp |
| US | 188.114.97.0:443 | back-may.com | tcp |
| US | 188.114.97.0:443 | back-may.com | tcp |
| US | 8.8.8.8:53 | filetoosend.com | udp |
| US | 188.114.96.0:443 | filetoosend.com | tcp |
| US | 188.114.96.0:443 | filetoosend.com | udp |
| US | 8.8.8.8:53 | 248.37.147.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.236.72.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 104.16.85.20:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.250.179.193:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 20.85.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.250.142.in-addr.arpa | udp |
| US | 172.67.195.18:443 | valyse.net | udp |
| US | 8.8.8.8:53 | boxrest.website | udp |
| US | 104.21.29.84:443 | boxrest.website | tcp |
| US | 8.8.8.8:53 | fleshwax.icu | udp |
| US | 104.21.44.152:443 | fleshwax.icu | tcp |
| US | 8.8.8.8:53 | yourjsdelivery.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 104.16.85.20:443 | cdn.jsdelivr.net | udp |
| US | 172.67.74.130:443 | yourjsdelivery.com | tcp |
| US | 69.16.175.42:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 84.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.44.21.104.in-addr.arpa | udp |
| US | 172.67.74.130:443 | yourjsdelivery.com | tcp |
| US | 69.16.175.42:443 | code.jquery.com | tcp |
| US | 104.21.44.152:443 | fleshwax.icu | udp |
| US | 8.8.8.8:53 | nostop.go2cloud.org | udp |
| IE | 52.210.2.133:443 | nostop.go2cloud.org | tcp |
| US | 8.8.8.8:53 | sock.tofu.lol | udp |
| US | 172.67.199.21:443 | sock.tofu.lol | tcp |
| US | 8.8.8.8:53 | 130.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.175.16.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.210.52.in-addr.arpa | udp |
| US | 172.67.199.21:443 | sock.tofu.lol | tcp |
| US | 8.8.8.8:53 | 21.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.39.108:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 108.39.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.136.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sock.tofu.lol | udp |
| US | 104.21.21.135:443 | sock.tofu.lol | tcp |
| US | 8.8.8.8:53 | 135.21.21.104.in-addr.arpa | udp |
| US | 104.21.21.135:443 | sock.tofu.lol | tcp |
| US | 104.21.21.135:443 | sock.tofu.lol | tcp |
| US | 8.8.8.8:53 | 52.4.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | malwarebytes.com | udp |
| NL | 52.222.139.104:443 | malwarebytes.com | tcp |
| NL | 52.222.139.104:443 | malwarebytes.com | tcp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| NL | 13.227.219.111:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | 104.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| US | 3.214.125.167:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| NL | 108.156.60.6:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | plausible.io | udp |
| NL | 84.17.46.53:443 | plausible.io | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | 167.125.214.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.46.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.188.97:443 | cdn.cookielaw.org | tcp |
| NL | 84.17.46.53:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | tcp |
| US | 104.19.188.97:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.144.98:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 97.188.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.252.13:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | munchkin.marketo.net | udp |
| DE | 23.32.238.152:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | scripts.demandbase.com | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | cdn.bizible.com | udp |
| NL | 23.206.91.189:443 | munchkin.marketo.net | tcp |
| US | 8.8.8.8:53 | www.estore.malwarebytes.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 104.16.126.175:443 | unpkg.com | tcp |
| NL | 13.227.219.43:443 | scripts.demandbase.com | tcp |
| US | 152.195.58.59:443 | cdn.bizible.com | tcp |
| DE | 157.240.252.13:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 104.244.42.67:443 | analytics.twitter.com | tcp |
| US | 8.8.8.8:53 | cdn.linkedin.oribi.io | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 104.244.42.197:443 | t.co | tcp |
| DE | 13.224.189.46:443 | cdn.linkedin.oribi.io | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.190.60.146:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api.company-target.com | udp |
| NL | 13.227.219.127:443 | api.company-target.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | udp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| US | 35.190.60.146:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | 98.144.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.252.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.238.32.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.91.206.23.in-addr.arpa | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 175.126.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.58.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.189.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 805-usg-300.mktoresp.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DE | 157.240.20.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | segments.company-target.com | udp |
| DE | 143.204.215.97:443 | segments.company-target.com | tcp |
| US | 8.8.8.8:53 | cdn.bizibly.com | udp |
| US | 192.28.144.124:443 | 805-usg-300.mktoresp.com | tcp |
| US | 8.8.8.8:53 | 35.20.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.215.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.144.28.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 172.64.144.98:443 | privacyportal.onetrust.com | tcp |
| US | 216.239.34.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | www.estore.malwarebytes.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 192.48.215.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 54.84.184.49:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| DE | 99.86.4.72:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 49.184.84.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.4.86.99.in-addr.arpa | udp |
| US | 54.84.184.49:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| NL | 52.222.139.16:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 16.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 34.226.98.217:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 217.98.226.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | keystone.mwbsys.com | udp |
| US | 3.209.35.119:443 | keystone.mwbsys.com | tcp |
| US | 3.209.35.119:443 | keystone.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 119.35.209.3.in-addr.arpa | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 3.209.35.119:443 | keystone.mwbsys.com | tcp |
| US | 52.11.184.140:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.32.68:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 173.223.113.131:80 | www.microsoft.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 140.184.11.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.155.64.172.in-addr.arpa | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | links.malwarebytes.com | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | versionhistory.googleapis.com | udp |
| NL | 52.222.139.26:443 | links.malwarebytes.com | tcp |
| NL | 52.222.139.26:443 | links.malwarebytes.com | tcp |
| NL | 142.250.179.138:443 | versionhistory.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| NL | 13.227.219.111:443 | www.malwarebytes.com | tcp |
| NL | 13.227.219.111:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.61.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| NL | 84.17.46.53:443 | plausible.io | tcp |
| NL | 84.17.46.53:443 | plausible.io | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| US | 34.193.143.115:443 | genesis.malwarebytes.com | tcp |
| US | 34.193.143.115:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 185.250.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.137.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.95.206.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 18.65.32.234:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| NL | 108.156.60.114:443 | api.demandbase.com | tcp |
| NL | 108.156.60.114:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | 115.143.193.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.32.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.249.124.192.in-addr.arpa | udp |
| NL | 13.227.219.111:443 | www.malwarebytes.com | tcp |
| NL | 13.227.219.111:443 | www.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 44.207.153.143:443 | iris.mwbsys.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 143.153.207.44.in-addr.arpa | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 3.230.137.231:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| NL | 52.222.139.37:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 231.137.230.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.139.222.52.in-addr.arpa | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 54.84.184.49:443 | ark.mwbsys.com | tcp |
| US | 54.84.184.49:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | mbst.mwbsys.com | udp |
| DE | 13.225.78.14:443 | mbst.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 14.78.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | downloads.malwarebytes.com | udp |
| NL | 52.222.139.22:443 | downloads.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | download.bleepingcomputer.com | udp |
| US | 104.20.128.30:443 | download.bleepingcomputer.com | tcp |
| US | 8.8.8.8:53 | 22.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.128.20.104.in-addr.arpa | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| NL | 142.250.179.138:443 | versionhistory.googleapis.com | tcp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
| NL | 52.222.139.26:443 | downloads.malwarebytes.com | tcp |
| NL | 142.250.179.138:443 | versionhistory.googleapis.com | tcp |
| US | 8.8.8.8:53 | prod-www.malwarebytes.com | udp |
| US | 18.65.39.119:443 | prod-www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 119.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.215.48.192:443 | telemetry.malwarebytes.com | tcp |
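The network table above mixes three kinds of rows: DNS queries sent to the resolver (8.8.8.8:53, which only name what was looked up), reverse lookups of each contacted IP (the *.in-addr.arpa entries), and the actual TCP/UDP flows, a few of which are UDP to port 443 (QUIC/HTTP/3 rather than plain TCP). When reading such a table the useful unit is the set of unique (domain, IP, port, protocol) destinations with hit counts, not the raw row list. The following Python is an added example written for this page, not code from the report or from the sandbox vendor; the sample rows are copied from the table above, the column meaning (country, destination ip:port, domain, protocol) is inferred from the rows and is an assumption, and the digest check at the end refers to the Files list that follows, where several entries (the crashpad named pipes, "Last Browser") carry the well-known digests of zero-length content.

```python
"""Triage helpers for sandbox-report network rows and file-hash entries.

Added example; not part of the original report. Column layout of the
network rows is inferred from the report and is an assumption.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: rows copied verbatim from the network table above.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | 133.2.210.52.in-addr.arpa | udp |
| US | 172.67.199.21:443 | sock.tofu.lol | tcp |
| US | 8.8.8.8:53 | sock.tofu.lol | udp |
| US | 104.21.21.135:443 | sock.tofu.lol | tcp |
| US | 104.21.21.135:443 | sock.tofu.lol | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| NL | 52.222.139.104:443 | malwarebytes.com | tcp |
| US | 104.18.32.68:80 | crl.comodoca.com | tcp |
"""

# | country | ip:port | domain | tcp/udp |  (assumed column meaning)
ROW_RE = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$"
)


def parse_rows(text):
    """Yield (country, ip, port, domain, proto); malformed lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            yield cc, ip, int(port), domain, proto


def is_noise(port, domain, proto):
    """Rows with no destination worth pivoting on: queries to the DNS
    resolver and reverse (PTR) lookups of already-seen peer addresses."""
    return domain.endswith(".in-addr.arpa") or (port == 53 and proto == "udp")


def destinations(text):
    """Collapse rows into unique (domain, ip, port, proto) entries with a
    hit count; UDP/443 is flagged as QUIC so it is not mistaken for DNS."""
    counts = defaultdict(int)
    for _cc, ip, port, domain, proto in parse_rows(text):
        if is_noise(port, domain, proto):
            continue
        counts[(domain, ip, port, proto)] += 1
    return [
        {"domain": d, "ip": ip, "port": port, "proto": proto,
         "hits": n, "quic": proto == "udp" and port == 443}
        for (d, ip, port, proto), n in sorted(counts.items())
    ]


def ips_by_domain(text):
    """Map each contacted domain to the sorted list of IPs it was reached at.
    One name over several IPs is normal for a CDN front; the names are what
    you block or hunt for, the IPs alone are not a stable indicator."""
    seen = defaultdict(set)
    for _cc, ip, port, domain, proto in parse_rows(text):
        if not is_noise(port, domain, proto):
            seen[domain].add(ip)
    return {d: sorted(ips) for d, ips in seen.items()}


def hashes_of(data: bytes):
    """MD5/SHA1/SHA256/SHA512 of a byte string, for checking whether a
    listed digest is just that of some trivial content."""
    return {name: getattr(hashlib, name)(data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


# Digests of zero-length content; an entry whose digests all match these
# records a zero-byte object (a named pipe, an empty marker file).
EMPTY_CONTENT_HASHES = set(hashes_of(b"").values())


def is_empty_artifact(digests):
    """True when every digest listed for a Files entry is an empty-content digest."""
    digests = [d.lower() for d in digests]
    return bool(digests) and all(d in EMPTY_CONTENT_HASHES for d in digests)


if __name__ == "__main__":
    for entry in destinations(NETWORK_ROWS):
        print(entry)
    print(ips_by_domain(NETWORK_ROWS))
```

Run against the full table, the script reduces the roughly 240 rows to the handful of distinct hosts actually spoken to, and `ips_by_domain` shows which of them sit behind several addresses. `hashes_of(b"{}")` reproduces the digests listed for `persisted_first_party_sets.json` below, i.e. that file is an empty JSON object, which is the kind of quick check that keeps a Files list from being read as a list of payloads.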
Files
memory/5072-118-0x0000000000840000-0x0000000001EC0000-memory.dmp
memory/5072-119-0x0000000004010000-0x0000000004011000-memory.dmp
memory/5072-122-0x000000000ACA0000-0x000000000ACB0000-memory.dmp
\??\pipe\crashpad_3312_HHSZZCCQFVAFOZVI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5072-126-0x0000000006640000-0x000000000664A000-memory.dmp
memory/5072-133-0x0000000006E00000-0x0000000007428000-memory.dmp
memory/5072-134-0x0000000006730000-0x0000000006760000-memory.dmp
memory/5072-146-0x0000000006890000-0x0000000006B48000-memory.dmp
memory/5072-148-0x000000000E380000-0x000000000E3B8000-memory.dmp
memory/5072-149-0x000000000ACA0000-0x000000000ACB0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f7640e14da61b694e2a012e534c16208 |
| SHA1 | 02ca437b69c94e98f49194383eac91023b79a77f |
| SHA256 | c12d134860d9e7a7d1d7e79e4860121973a0461cd65bebb973337ef2c1f2bc12 |
| SHA512 | fea2cfa693b3fb087ee71fd50f9575c23185877af7b1c3351feba8dcb52f702bd5ac211edaf484293d2479279f42d2202f6cbcf1135d4ed82fffc430cff237f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c6a3d87c-1665-4d7b-bd1d-aa308d00f56d.tmp
| MD5 | ad084ab02079b8ee7db6c872379d366c |
| SHA1 | 6613fdffb68ae129d7d2fedb4dd9119ec9c912a2 |
| SHA256 | d9fd103a4079031711a19f3470dd901099a4b2fd67ffe9e9b90389da90dace67 |
| SHA512 | cbf94d8334f5df52af2550ea50035651ce2534fcc00788094d0feebe044384926f9dfb377d15beb92adc9533c8a2ad7161bba7e595a4e6ca61f9cd68d14d16c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b8c8dbdca86a88406afbc2933c96509e |
| SHA1 | c6f147d8eb58dbe38c9e09816ba39dd51cc8c5d2 |
| SHA256 | e44d913f1650aa651db55e979de2fa6904b5c368bdfc70a196e785812225ce2d |
| SHA512 | a935a97ed70174dac5ef10908c9584895f48c3e9db1711fc05f960a02c9a62812b485a8346303ba2fe89bb7c224c5efcc9cee46631eb9cd29315ceb0ac466cce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f260a2ec529beee554b18d4006b989a6 |
| SHA1 | f655b1af7371c66697a31a6a3de12fee1cb3c9a8 |
| SHA256 | e79db1816f22aec261af550b75c917c9a8bbfa28dbb05081ae1188f9a10561e5 |
| SHA512 | a59f351f836cdf4b1d80b5c9e2863ab56fabfd821218ae88919f583ac6d5b1550088ffc6e66121ddfed8680049b9e813b439c5608fd31a4e4afbf5706cfc9c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/5072-240-0x000000000ACA0000-0x000000000ACB0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | fbab354013f22bda4e6b9b30404ff61a |
| SHA1 | b23b36d993d4c87f3969b853e20d354a09c74c94 |
| SHA256 | ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05 |
| SHA512 | e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f7640e14da61b694e2a012e534c16208 |
| SHA1 | 02ca437b69c94e98f49194383eac91023b79a77f |
| SHA256 | c12d134860d9e7a7d1d7e79e4860121973a0461cd65bebb973337ef2c1f2bc12 |
| SHA512 | fea2cfa693b3fb087ee71fd50f9575c23185877af7b1c3351feba8dcb52f702bd5ac211edaf484293d2479279f42d2202f6cbcf1135d4ed82fffc430cff237f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | c347ecc1a8408f53f8223db597a51ad1 |
| SHA1 | 441f02631a3556d8f106dbf053308185b377b859 |
| SHA256 | 685164d94c64ce29f981183623891be7f987d26fc9418780db43c06de136580b |
| SHA512 | 47e3dfc92470284a498e4d7422549a17c7ea97b8a4a0065f6dc58ba6d1994c70f0d8196ff9e9beea390c3796df9c15c5858ff9c49f0793c5ea63f8e3029c2ca7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | 4a9969b9ae1b9da0d1dfa5e03ef6be1d |
| SHA1 | b85ed2c4da702c4ec6e64be72b37f0f5f66ef5af |
| SHA256 | 9fbd836ca91956b05503415d067dd79b60757c90d84d88e0c4720b13bebce132 |
| SHA512 | f547a07ba13f35960ff55cc8bf1d2884d12b75d6a5a8ef43b86cfc39ddf638cff25eec233e75e78af7d48fef6470d418dd1c2b409476875018811df8c7bceaf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | e9894f596ee72b69cc5146d4af7ae8fa |
| SHA1 | 157def47ff8cc32c69b065e3abc620d9ab9c3d0a |
| SHA256 | 79367251f5ead3d333e787dc3963b590972ff712474b5835204d06900e7ea95b |
| SHA512 | efed93d19da548acd74180e8b94cc2493e7f39fe60b25bd09ce13c285ce034ec9210cd0eeb5ff25583611f3fe7350b1fede8e18a4afbc0d69b25cfa35fe52669 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ad084ab02079b8ee7db6c872379d366c |
| SHA1 | 6613fdffb68ae129d7d2fedb4dd9119ec9c912a2 |
| SHA256 | d9fd103a4079031711a19f3470dd901099a4b2fd67ffe9e9b90389da90dace67 |
| SHA512 | cbf94d8334f5df52af2550ea50035651ce2534fcc00788094d0feebe044384926f9dfb377d15beb92adc9533c8a2ad7161bba7e595a4e6ca61f9cd68d14d16c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | e1c81f66705792e723effef415cb312f |
| SHA1 | be07247c39397128bad08a53ced7d3960ecd481f |
| SHA256 | 96e40a0fa4b1318f498dd08e160e6498bccc2a8b96af4a8fec9e502db3b4a232 |
| SHA512 | b5a96cda9b4c566a116e8e4b14085f997d1b4f8874bfb64e817ed5e4a90ecc23e5f89832a3537ea6e79ebbf8c6158fe27e4a3510837e13041a3d98ec33c31f68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | dd302e381e5d753f600c589aead765de |
| SHA1 | 5835afae49420b1a7bf5088b12274be90e0845cc |
| SHA256 | 0fecbe5d22d6ab8254453d8c0df230c34d5adef80bce465f61d4b0e93abebfcc |
| SHA512 | 91a9485e1cc78c1e932c2892670129a81f5a0cd50e08ec4cbb22f28aef5cf215ac9f0c72f81e54a0ee81ec75f05344cd649f5141f26a1896e6cc16ae1c5d174d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 49e4c2a7008aeee39e9925bfc1303265 |
| SHA1 | d024e218c47962b1de20e03629ca4492339f7454 |
| SHA256 | ed93a7279f668ac65459f35349d0db3d3e4d18a5806acb31a337e1ae826300c3 |
| SHA512 | 314ad33fe453593f795667bb6bde88c09e5ab2e955c85abf797c223164c6e05a85d90457fec7bfad20204b61c264fe6680cf496de17a8ed6756305cc7da072dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 780e678b8bb963c5d799188af0ad9f7a |
| SHA1 | 6a53438d9c5a045502412d160908311f579bd6b7 |
| SHA256 | 87519cd2e1b65c9b0a46157b3f72b33cfd325a870c3ea917ddff916458e0e339 |
| SHA512 | aafe0345300ae95300a8df836200766f3000d1769293b712ff399c3a533f833377d835312344a5d19094db6389bff6850fe7c2683e865cd62e8e385470b24e4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 71bf265ca9c4e486761fe9f878f50225 |
| SHA1 | 43502c4d9f43b8c34673da68e8f11b8b825048af |
| SHA256 | bbdc3a1d5aa1073c267e2dc5f411059cac85fccf32cbae6305c469a687054b10 |
| SHA512 | edf3407990c1d769221a82b40a5f4932d343c8886d77c89af6e19d0a1d26463192ed11449e10558f7e90836499e7b9532fce0e68ea226a30069c15581e1b8d74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | bc3e48d1be0d1f3de722657ce039fb22 |
| SHA1 | d01ac15a0eee1729771c2066151c63923d71a99c |
| SHA256 | 5ba38a98d79e44bc244f719522a739c8c211bd46a85ddb6040c911b64b6747f6 |
| SHA512 | dd20e7d0824729d49cdd3aee626557582fdd1c90529866c299fe496f0187843dc617f8f420789290b67478f81fcc85451cacddd030d72ae8213cd042673cd8d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | 6153ae3a389cfba4b2fe34025943ec59 |
| SHA1 | c5762dbae34261a19ec867ffea81551757373785 |
| SHA256 | 93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61 |
| SHA512 | f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | eab0603b022f3608a597f141fcca7833 |
| SHA1 | ad9d35470cf29dba0fe8ddd6c104251ab47620c4 |
| SHA256 | 867bd360a5537d49743189cb71b0cfb8659d0a6be9e0e89bb162727532ca1c8c |
| SHA512 | 8cdad58d2f3eb65ef7658c2c8e55c7da364cccfe0837e2205c9af9a21a3924e3d9c335f606cefdbfb5964cf4c9da1fa55e58c3fd4acf2e9b8495441ee852db7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 830bee9e48a082d8cf252d0d9be24476 |
| SHA1 | 2835e1ab816b850ac569b757e5f603379d94952d |
| SHA256 | 40a2e617d15be254092bd652c883a9513cf0cbf993ee318a777c733cb0fb8928 |
| SHA512 | 9720b0be66946783b8572275bfe8bd528a0b353492182bbdc2dbdb56e97598f87f2c97e586d9789dc1398739e319f7e79fb46474a893a080ed9f7c5e59b8ced9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | f64fbcc19142fa9521157de6e610a300 |
| SHA1 | 9eb9c61dbac6295b242116c6c08c8dfa37c69218 |
| SHA256 | 313d6940fc59bf97153e24674b1b751350b50edd248b232468fae02412af3e11 |
| SHA512 | 8a4d07d35f89ca43fd1d645bd9debb4c26f3bae69592b0910bca9bb0e4b3da53dd6c2a99fde613e3a23519f5b5e59a80d3175a53cf3c5870186985a16bca0c1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | 43a2355591dccaacde878e7f541143f6 |
| SHA1 | 8a5083e3f59508a81984c869ab6c8fc00e00be37 |
| SHA256 | 5c4cca320c3374557d93df5e86ce69d452a873716aeb44b80767fa102e57f970 |
| SHA512 | 3fcfbb22f6e27ffa5919097cd83c2b11e076be26856bc3c04a96848dbc1031218b3704d6028e223293920df2fc56c4c844364a5632389bef66ea68db403bab47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 2aae7c0841460f3070d081289157ca3f |
| SHA1 | 948459506fe5e691800f0365891013894580a180 |
| SHA256 | d428de15ee271dc0757c5d6f68e257819c5a2ec27ab38bf374476eef57dd7f72 |
| SHA512 | 2066da0153063c824abc9565c66b59974ca27a4b3cfb4279ba915c9b9e41a5ee26825fd89cb53cd283a69e6f90d47cb02c24e66aeb41af61dbde8eacbc2c0ee2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b8c8dbdca86a88406afbc2933c96509e |
| SHA1 | c6f147d8eb58dbe38c9e09816ba39dd51cc8c5d2 |
| SHA256 | e44d913f1650aa651db55e979de2fa6904b5c368bdfc70a196e785812225ce2d |
| SHA512 | a935a97ed70174dac5ef10908c9584895f48c3e9db1711fc05f960a02c9a62812b485a8346303ba2fe89bb7c224c5efcc9cee46631eb9cd29315ceb0ac466cce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f260a2ec529beee554b18d4006b989a6 |
| SHA1 | f655b1af7371c66697a31a6a3de12fee1cb3c9a8 |
| SHA256 | e79db1816f22aec261af550b75c917c9a8bbfa28dbb05081ae1188f9a10561e5 |
| SHA512 | a59f351f836cdf4b1d80b5c9e2863ab56fabfd821218ae88919f583ac6d5b1550088ffc6e66121ddfed8680049b9e813b439c5608fd31a4e4afbf5706cfc9c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
| MD5 | c2cbd4dd9706a9df7d29da1c4fd57239 |
| SHA1 | f22348477b62445957084bcb11f2cca6f94e27e0 |
| SHA256 | e858b86c5cb90858d0d2eb08b9012ea5fb144246eb070206ceea6cfe8adb2b65 |
| SHA512 | cac0966f9d06e9122d1af2e5368ca346630053af3337a24997f6e450f66abf7f5db110fe062ffef13a6d40ff841c5e0a9108d733958d95be62b715f5961a5e21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | d45c093df950021d9f99f8a62b93db63 |
| SHA1 | 5e3b8e37d1aeb729c14ddc66f294e6cbc563eee4 |
| SHA256 | e0f67ff083376bf76d09287c5a87b412e044d669f79b456570a8a210875541b7 |
| SHA512 | 182296237f050bfdf1cc8c96b017f6f71cc2af654331aa770ba67d0e7c67d5ba54c66aa8669548be09e559716c8cb3f60c6e1f6c0ef59382d647ce3d80d223b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 66d514f7a4e15967dd615da85477a4fc |
| SHA1 | c5a54d294d0e31d2af5f0aee49e2b762d343899b |
| SHA256 | 862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a |
| SHA512 | ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 47ae9b25af86702d77c7895ac6f6b57c |
| SHA1 | f56f78729b99247a975620a1103cac3ee9f313a5 |
| SHA256 | 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224 |
| SHA512 | 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13325379881978503
| MD5 | 1944f2e7fce03fcc5a01a9732e1aa169 |
| SHA1 | ba7b9a9040399c02c2c994e89a3811fd453e3ca5 |
| SHA256 | 8a13d7eb6a215fd2f8487b59caebc4e43a3bc3f52ccc92964616c94d1f3604ee |
| SHA512 | fac92600d0e0d9bdd02ab0e6b7e207f55e69ebddd38c26e86ba12563f40feb15fdf8a07b95acc8015d60bb8c22881f037d3db10d0e4205b7106a1e814996c607 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
| MD5 | a623ed219fd30f200560e7b8df04c9df |
| SHA1 | 666a296735dd0aa84bb3bceabf9739fad532ca21 |
| SHA256 | 38440b2699f82a2b2823419ebb1aab0f8da6fb36ee344ec9df1e0f449f33a776 |
| SHA512 | d5824ee834e049f182ad709c61be48f8e385fd210f69e42551842c40bb61e39edf53cfe9e9659ba938fc50f9c248e1955884e107dcdfe617397b802db98f0aaa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
| MD5 | b2c67e594939c775fdf141ef58990bfb |
| SHA1 | af7c6d1e54f27a7fea9de4b4fd0b35d85604706d |
| SHA256 | 2b9991c2add7d9a88e4e9904310fec609a66ac178342e11effa33aa42a6efeff |
| SHA512 | 3a283766d1a0580befa69514cc9d7b4996241e19f58166120b0fd232e57da14bad60d92285aa6f9476765b1045d394ee53a1b0cbe8c541f8a136bbc6b9804f60 |
\??\pipe\crashpad_5060_UJHZECTRCCKIQPVU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a4bfd7a4eff2402086963916186688aa |
| SHA1 | 1111aacd1afdaf586c860941043beadb16b99638 |
| SHA256 | b620b7753d76a9afe31a4a434b03d09e0b2e4a23c13297468930149ab0eeb192 |
| SHA512 | 8927cb5434aae7fd1e9e68ade61045be18030de528de4d07ed01b08b20e7416f22120bc94c8a24223fa4f3cd92fc574d339b3cad0ec934d64a01e395002bae59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 412a2f8dd413bec07c04dda29dfcfca6 |
| SHA1 | eafea34d8c7ba4326d7d8ed83ad84322f9c1ce76 |
| SHA256 | f4d40d86736bd3fa5069b44c12c2fe8db970985feb92ff3fa602ed06dcbc7646 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | d7838e5b2740cd40e57307adf1f77d22 |
| SHA1 | e87d72bcdff1d9673aa4f00e63bf338b009a956c |
| SHA256 | 7dc892b100f6bb7b40baf4172990b5255b12293c7e5bbfc7868395ed6c0a823b |
| SHA512 | 6aeeeff46085d3c232ae154e41403a5a13ef06e64ec00012ed270db76e949fba0f5c04bc1695759fd760849aff1f5b6f256bc74e07f6a18c5b184d4d96b1eaad |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | 544a36063346eeb1e751030008a9f7e3 |
| SHA1 | b5c44a037d16bfd5cfe0e6ba9cb770111b3aac82 |
| SHA256 | 33a822063dc53b5a693b5920f6a14bf4c9c1905c08b3257b7621c9f0c41d39d6 |
| SHA512 | fb86ef1c271d10da364654b244253a4492b8331d69e2a71479671a44f613b88a72822b5a849159b63b7b28c7cbe0c6b7ed35f82cf749a598b23676fae70f279c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | 5244beb7c027886f96bc7b98201f0662 |
| SHA1 | e5a2592c1bff569b42abad339652518f734c5a71 |
| SHA256 | 96bf3e3797265c5ab88c69fbeb5d65176768ebd781d9f09c26919350c12208fe |
| SHA512 | 100e45487f9054f00efeb47c82529e045d8c43591c785dc83bb76121d8c0858c793f10f642818b0c09ef7ffcac9a51a52093b11b1c6067480d5855eb4c153a55 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | 1eff53d95ecaf6bbfffe80d866d8e1dd |
| SHA1 | d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f |
| SHA256 | 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac |
| SHA512 | c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll
| MD5 | 888b794737cd78e918486cd2a4116c65 |
| SHA1 | 335aa063439ee8c2242591dd4cfe6c9bc28531fe |
| SHA256 | 2194ea4af98e6ba23e14ac60860a6c727f4694a9d904025288997ad05f0859bc |
| SHA512 | f6a15dc86a89adcbf9ea6b96eb7d5671a2077696ef4cacf88c36d7c73c5f28d96f4a257ae8672981a24907e0583bb15c01dfe09ee1ac5837ffa693d5668dbbeb |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | f712ebc5aa4cc78b7f1a0c8810ce7db4 |
| SHA1 | 48899721fbcd93b7d5440ce269b7777a62582eab |
| SHA256 | 46d6f6dad272240bcdcfc0d5c42f88a2784a5ebf31bb284555cf260b21e8a4d1 |
| SHA512 | 20ea70c3b4e3cdd3727207b9b13e54332bee15ca18cde5228c7f93982310d77e5f6ebccd1a8251ad4d8cbf9ac6646bf7f5856f1c82d3b3ef2390fa779ec06017 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | f4bcae29120428ab0d1b72acc375d7fe |
| SHA1 | 0970f103d74c634a91afd69388ab692f2df4819a |
| SHA256 | f6e63c104b5a3714a035d2272e4663b0d9599c405bb31e7f9e7e108205707d4a |
| SHA512 | 078c4a5a15882ad74eaae3539bb787f28a5b3bb18e8b3a33bf44cfaf98d7dae05bf73245193ad2d3075686b6405c25a6cecdad3d6bb36ffa8b3da5812ae675b0 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | 1ed53171d00f440f29a12f9beb84dac4 |
| SHA1 | 4d9a1e3579b0999f1ab2fa818b588411e9ee920c |
| SHA256 | e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e |
| SHA512 | 17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | dd49aa252e12eba08ac57b41c1613093 |
| SHA1 | 044777e78ad3df43edc5ee079a37b08299d864e0 |
| SHA256 | 18402b96921ad3d52d6615514d88dbcd7aa01e1738452a68efc458e97cb02c23 |
| SHA512 | 07a61809868b12773a4b51ab5d94a6989fd3c03a49882b5bddd4d518a129db61ac5dfc5efdaf23b4c1d835f44a62ff0055669f2d5e47203d8a84b6c3ec488ef5 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | dfb0294e6abf1fd8b7d2d1e4610b92d6 |
| SHA1 | c573f327ae471b8823f309617c645fc50fd31aa0 |
| SHA256 | 58d35d08265a10f944bb7dab2ac49d9197d32e5122c19db4487f28fb51d3bc61 |
| SHA512 | 82758940c56aced17695b81369e512740b4a1ec67e02412c5fffcc8174ea81bff4210e4a7f55b4f83afbfe641bf101806ae8df24009f90b8dc8314c6d863eeda |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 6e464d0d3d19cf8e805bc70b446242b2 |
| SHA1 | bfcc22cf6ecda2740c7552b2380c2af9f8a4418b |
| SHA256 | 173039bdc2229b5034e0c712660783648a88df9c644f0f0ff5c743585fe6f28f |
| SHA512 | 313408fc86df8d12fd824140787dbcc8044ffcffe928572ec4df5de9ece17fd9021e69a896523f8ed118a7fbad5d823fd0eac2adc1b3998d8cafc2728e492497 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | acb2e9d6ba92e6831b16ba3c773a4c1d |
| SHA1 | 1e4805705029153fe55e03309c6c2065bd406abf |
| SHA256 | fdc48f95caae522f715135ca389a7e2129a4a7e7f29ec814736a510866bb805e |
| SHA512 | bd340f360936a6bb0303bffcd583979c63d28d83a0538eedb2e52e6b750988665ae19aba7d0083b9cb098a0b7cefe2c7375c5ff352125ff5091c2b6ed0c80475 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 1678630317be5b2d73235aa0031e613b |
| SHA1 | 70a81a261a978210a0597be97bc589f7e70b38dc |
| SHA256 | 22f7fb53753e8d7726c5b612d689549bfc90f5915b87115bd1a20d9a761901df |
| SHA512 | 64f3407e508c7876c00bc17ccc2191da0bb43b4156ba3b50fa28ba907bcbe8ebaf0cef34147f4cb60e892c287f7e267d3a131ab00c7e24c17e9bf8283ea7fbf9 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
| MD5 | 1dc6d344ee9b6b024ba23278891db9a5 |
| SHA1 | 519b792d11daa2bf9d127f69cdd603a236576e04 |
| SHA256 | 823e1c7321e177b006c1f3fd1ec8b99607a12d2c3c321f3a6cbbcf7030b6c240 |
| SHA512 | fb96c4ede03c3aa729d2ea5a72c5f14029f6d69a79b6e0d5449e371bf3acdbbd1cb2079e8bbac3a3140a257c71018bc7a2a31a45ad5c8b65382e67cc3431ab6a |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | ec3f620ed5f8a5b298f04f2920bc009f |
| SHA1 | c189fe0053f176a6c0cc12aaad843dbc577ed800 |
| SHA256 | 17dd75d03e718689fc8f7eeb3d86ca7e8789e4be1eb5158db69d50fee2328acf |
| SHA512 | 190f4fd6b59955d877b4014952b6758f5000f049826225c77aef386f1f49dfa11e065d80b1d3e09341f8f40fcdb9591f9cc4f68dafb9ac65327c37d427cc1f9a |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
| MD5 | 6a21162e1c8a9f65787b14bc439eb077 |
| SHA1 | 1bf68b253edd6cae098144e24e09b4e22178784f |
| SHA256 | 8b7990e1c676f53918e41f6b18b20179d77e598352d9243b05e2ea22b2d9e4fe |
| SHA512 | a0dafe66479b9e68ebf04a7e2fa7c7cc352fb075356b7eccebee7af527393711e3cb36c7ff6466a5e28b17d1d003c1c49ef176b448f5de36a7c8177c9c8808c4 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 03671752a03ed3d0c027c16878c3b1f0 |
| SHA1 | 6cd9faf6af7cc9c6180f6fa01afe525c65fe3281 |
| SHA256 | ba3acd5e3ad68f6e59c64322e4a20895a28469430c092f9ed5f16f1bc1487bc6 |
| SHA512 | 301afb4a15ea78f71a17e0e76b27ea314f9d810efbf39da30dd0c1a57a7ff77a385edff23ed043a34b197e883a7c925fb52e443d805f7a1f4568c53b139a79b1 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 03671752a03ed3d0c027c16878c3b1f0 |
| SHA1 | 6cd9faf6af7cc9c6180f6fa01afe525c65fe3281 |
| SHA256 | ba3acd5e3ad68f6e59c64322e4a20895a28469430c092f9ed5f16f1bc1487bc6 |
| SHA512 | 301afb4a15ea78f71a17e0e76b27ea314f9d810efbf39da30dd0c1a57a7ff77a385edff23ed043a34b197e883a7c925fb52e443d805f7a1f4568c53b139a79b1 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 3c78bbe79a82fcc3ed4ac7a13ffa0a95 |
| SHA1 | bf0d3b504921574a64ca5eb0c60e5c380ff3e9e4 |
| SHA256 | 4480946ad27ffc6f84e3574a8fb2009b25e574ace068761ccc4759b6110f8910 |
| SHA512 | 8cd1d47ea395e653609891d7dd30f9e8f878d52a968fecc3a165cc8222ce806362362747faf088a2282aa28107840a3242250698ac2ae083454d96b3bf63198c |
memory/4468-5590-0x000001BEC9F90000-0x000001BECA550000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | bd041837fe341ab59b246dde04ae1d7d |
| SHA1 | 0324625d963272fc6505b1d4f0fd365afbafd786 |
| SHA256 | fe40293ea3194f51b42fadc574e75ff0edff669e0633e564f265519b8bf71090 |
| SHA512 | 99ffc78286e6db650d3fcba5b2017ad0374e530d4767ecf28159aa2680f8be8792206af72c10224900246feaaa35464eb9a92886ce00b2bc8101c74fc7247a29 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | bd041837fe341ab59b246dde04ae1d7d |
| SHA1 | 0324625d963272fc6505b1d4f0fd365afbafd786 |
| SHA256 | fe40293ea3194f51b42fadc574e75ff0edff669e0633e564f265519b8bf71090 |
| SHA512 | 99ffc78286e6db650d3fcba5b2017ad0374e530d4767ecf28159aa2680f8be8792206af72c10224900246feaaa35464eb9a92886ce00b2bc8101c74fc7247a29 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 6d0fb80d79f703a1dae8b8fc63dad3b4 |
| SHA1 | 553e108e5728f972feb781acc31cec04b69b6a83 |
| SHA256 | ede4e5719444ef9716f10d4e82d3315632feed4e7c03de236c18ba0171247f43 |
| SHA512 | 1a3442ad8b0b89fe98bcc9e6a20a7a2ab33733b99b5bda44bf1dd0b6cf59976a746144c39d7c11aa1b6ec2b3a649da4cb4afd6249a86bc2d8f7c379160563c1c |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 9579f192da6310933c2b5c6bcf9537ef |
| SHA1 | 6d5ed40e18376e2e67a04e8bab04c9e7d5c034b3 |
| SHA256 | 5db3e5831729326e9bbb8b28d364030874a534f9b84d5c1489f1ed443e941126 |
| SHA512 | d98743aee537c20782a86a213ddf7e13d453d93775e2ae2671a9301279c656ee3631e4d4c1ff50071b2a47fd88ac0479f3a8157aaf607b25ab60217f9d0029fc |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 06449ce64b323b35e9e6c4166fcc8b84 |
| SHA1 | cde442980ebe9ab7a70634591bada2d81371d7d2 |
| SHA256 | 99dac9b20f42597425d73611005a244ffccccc8b21c56dbf83404b9c89e40d12 |
| SHA512 | 40f8ca009b9cfc6c36f09c4764d72807292bf8f125e1462fddb3e936f4add5248c3f4fa00005d049aaed78045a60af3268ca1844a744b8d0891056af7e946915 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 7d4a0a46e15b956a7efc3158290f445c |
| SHA1 | 76cf76daacd3024491f83b5218627f59c61ef600 |
| SHA256 | ff4fa75ab69f34a004a70a6a10c03690060560db15504f11362956337af3f694 |
| SHA512 | 60b5da811a489ae16bb51ae2c0c5a9c94316abfa6cf82faea3ced024f381e38dc1be8aa87e272ced65c47c64f867e0dd6de2ffbb40ae1703fffbb24aa0411416 |
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json
| MD5 | dd63df9fccbff405f31685aa47456d29 |
| SHA1 | 1e7eb3ed951f9c917e079d4a216b6a517bb8c41f |
| SHA256 | 1afbb7c7ce5c9e0a89dc1c7fe689d535be757cc8e31f9e5dccfc7a8cbf75db72 |
| SHA512 | 3f0bb16081a66e68e707ead74048a232286ce4ec6aa1318104ddb18d5537553a60b0020b793c5f4fc4715ef626ca757173161d77830cceac8447c93c67e03f07 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | a562ef07b748b1c26071fa252f4acde1 |
| SHA1 | 9df40814637fc2e277559b0ad37bbf1bb7341701 |
| SHA256 | 3c779af8e35b17a42d0533c4838378975872b106f24103be106d906d0dfd29fa |
| SHA512 | d1fb73b9cdf54d70af78dd8f5aa62964cf6f98312de507953c8bcd9e063b88f722a77562cbba98f88620c46169ff49076b4dba147430f6f61e21801e66a7fbd4 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak
| MD5 | a562ef07b748b1c26071fa252f4acde1 |
| SHA1 | 9df40814637fc2e277559b0ad37bbf1bb7341701 |
| SHA256 | 3c779af8e35b17a42d0533c4838378975872b106f24103be106d906d0dfd29fa |
| SHA512 | d1fb73b9cdf54d70af78dd8f5aa62964cf6f98312de507953c8bcd9e063b88f722a77562cbba98f88620c46169ff49076b4dba147430f6f61e21801e66a7fbd4 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | c0ac94dc5b1aeb98ee1d7d02fb6c013d |
| SHA1 | 85dd1315214f76ffce82acd72074555135673faf |
| SHA256 | 3b3f344a159f68fe6fcc119086b9026fc29974b4eda4cc8237421e0e580d1a88 |
| SHA512 | c7b0061e0f9338a4c7656f47ba072d880197d62b4c902ebfc5f1348d6fbfc5acd761539f2e112d278b14ed7a668e103ea81feafd4888bf50d5eac8ef1e11bbff |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | d855c25d2011639d32bfbbfa5cf2697a |
| SHA1 | 49ecf21558baea2c2ec25124d3a5eda9952009d5 |
| SHA256 | ee82d92449acbedd4bb97b5f708393c04cc4336c96611e158ad2a785d64aacd0 |
| SHA512 | 056d519b530abacefaa9c682a85810ff867e613060aa1a93c854ee0416bf5cc76c92f025a81283f222831476fb26e272680dc60223453f39bea39688000a8e08 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 3185c0207575018dc834f386516eb814 |
| SHA1 | 3954156a8a9a6c25f7fbcc113ed0b56e8fd700c1 |
| SHA256 | 6e5620b42afdf840fa843bec214544399b9e2fcf4ca8b1ab5aa9270be3c92e98 |
| SHA512 | fff533d24df6ee122e5dac486b362dbed5fd488bcc515aa1af76d4d3fb49e1070399bd7fac11fb5ae40155d3c9abd5fc027443c3128f2ca12843fa9b0040085e |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sys
| MD5 | 1e12dfd5396809da1c6cc5bcffbea079 |
| SHA1 | db1aed7c81a618af1053e8c20a8f06facfc0835c |
| SHA256 | 5afffafc7392d7e587228b50862cbf2c435e45e596148fa05ac3c2d0af7721da |
| SHA512 | cbf33ba1c0af4ebe85764a969a8b60fe3e65162f6f8f4eb91790d8aee4c09a7d4e8ee6a438116103fbd966ba2c377ce538801140402711543c402e3a7a375462 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | ead0d61fc889fec9a71d995a30ed5eb1 |
| SHA1 | 5c144fe8970ed4eea0a7cfb40be156f65ccb4481 |
| SHA256 | be68774524e6ccbe35e0f76e1cc88ec34e443dd8c32588fd352e4ee24c9c7087 |
| SHA512 | 8661316166c7c0129b3b4c70acf302ecbc382db6120ae2cefb15c9519350559fc049f238e8bb4128f031abada23e544ebf0742d9135586e46fe2b3196313c1e7 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys
| MD5 | b97e91c67832f1ff52fea79bae37372f |
| SHA1 | 6b7d1151878730cbfd15bccf19026df88ef84b2f |
| SHA256 | 85dd0da0b7340652038c46237c14309bc8c34107353050facf552805f7d7853f |
| SHA512 | d1c012bb4dbb368cd149a49fa52aa5f9ae546956f86901e4990ef46af4b658680830ce3a0b3a52af5dca2deb86d2a5567eb79e968e84e5588dcc8a81b8f452cc |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 6ca8a22b6cd94b0f2d3190beb909352e |
| SHA1 | 0cc08aa61833c412cfe2489b0c4a0bdfa1673b05 |
| SHA256 | 0d4081bfb0f3c66526e087c58f35d1ad81f7e4f4220ff7d0fcf55bd03e395e5c |
| SHA512 | 61f5ca82df0bf372ca0b741d2c23d38bd6e2a9700ed62ce3779e0820295ef177a7609a5ee4c0a76495b8d5bb3619041302926f15bf4685d2a27dd6d49b7692e5 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 782e41d63cbb95c4fcbb43384e24d634 |
| SHA1 | 028075f90a3460d42530af2dde5596c4f65e978a |
| SHA256 | e1c4382277a96f1374cf785a3f62625e2321dfbcac845a6bca8f1d9a0f479e08 |
| SHA512 | dfc4568fb10a2f34d9202117782fa10b16db8f0e5e537c85e2307c9cce1b133a4e8da3b81334ef15734aa37531e407783c39859babf742f028efb9d79a8bab3e |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 1b6bc31b797720ebe61e528dfccf326c |
| SHA1 | 09b2ccc85363d0c9022e8bfdb90393a26de8e2f1 |
| SHA256 | e7f45b04a4b594b48551a45e43307bcf6ab1e99342added7df91593787341a61 |
| SHA512 | 9097186ba617a87ff7ee1f95a6e3a40726988ed2f4fab075df05a1b743c869e26abfd531ffa5b0f66414af3edbbdaa50f005358051eb806764e13aaac54306a0 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | d167a8fab659cd40c28972e0f0d91390 |
| SHA1 | a53ef1fc8ee031396ce6f3044977bb4b97788997 |
| SHA256 | 8447841bf94288d36f9f304e31fcca027ceef0fe08c15b067f9c98d138f2f60d |
| SHA512 | 4ee008224935d8a3167e45d867205703519eec66bec31878ce4d12a9b30a01471fcb924da7643e974b587fac6bccc4d657569fe1d15f08479c09a1790697749c |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 48656777213e628344a9f6e0478a863d |
| SHA1 | 154d54e363c69de8e5903c8f00569339f91fefc3 |
| SHA256 | 3c2d41ca0cd8cfeed15e052723f96af137a5f7d09ff509374ed5b19c089df21e |
| SHA512 | 89a38f8dcec3f9c2a427844e147264246bcf5ddf56a37b1a81a53bce922e009044f11ad0a2d235f6bf6784daabd7266e1d1b396ee4cbcccb623f631c6c325059 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 93b4c2b50415207d82ff867d239545a8 |
| SHA1 | 531985782247dc72b96f17e42d5ec23a8a770df8 |
| SHA256 | b2afdc7c63374572484e8a8cc202ade98f55c868c90574090a42da9269b9f695 |
| SHA512 | b0890f7995283744519686d67d8a9b51db3644907b7cca4d4ce3fca2b622660af84e5c81594528cf086a92b4f57d8cd275acc63501b15a27405b96f32689ea3c |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | aae4560f94c07673fbc3a757c5f81edc |
| SHA1 | 312834234909e306583e65fba8c19bac9cea1220 |
| SHA256 | 78c1393369cebb6df21265fabc0b36b4938af2cc7c52eb1167d955c303044256 |
| SHA512 | 01f5cf03d29f51b6be7da1d25f175c24024346f8237b0bad283a1ce04a0f001a7f33e4dfec927fe83b651dc55107c3185bb8cfa9a0370d5cfbdc394319dae901 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 8d51156d6f3bb8fa2b71d8b9b715f551 |
| SHA1 | f1377b70ecc7f7d929d2fb67e4a810f4c6d7ca7c |
| SHA256 | ebc07ac35258ead78fb185ef2997ae5f5ed5a68a4a354c6a00373b79be1b3108 |
| SHA512 | 5973ec7ee71da269310b09c903ae4e7aa91f99645c324070befeba7361b0f732538f282e2a5cbb8d968cadb756b9f677cb1db644bf215f90d890f3fd013c6de0 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 10fd3b5cd470f2b15872d36bae2b83d6 |
| SHA1 | 1d305eca19436265e8e23fdbdc7f7779b2ce9191 |
| SHA256 | e9e96085b9725c2372eec1e3b9981a8807d464c583412d87b84ef99bfe51ca7c |
| SHA512 | c4c3cc15b010cf152a51eca4c5eeb449bd21b590f01d8ce5448a28c0b39d66c9d873b61601fd35c02ed984460714acfa42449bae87f69463548b7de3a089bfc9 |
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
| MD5 | 0eae912523483b77c66ebefaa361fbcd |
| SHA1 | 28fc9c46b610ab4b94ee4e6d0c33d5b155fb5175 |
| SHA256 | cc3c1308301e3916a9bdc0c00aaaefc5f4e5207b4626364500d30d7d977d3a9f |
| SHA512 | d302b81a4f7bd9a8120e437b9448b36760cde3ec061b971895cb7ebe08ed7c502428302effec80c895237719323bddec585526665fc7cd8e2beafb67d7abfb1e |
C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe
| MD5 | bafe0316a997b14cdfd91ea213c67542 |
| SHA1 | 5f15257200374c7f3fc7e8858578cf2edd1fc58f |
| SHA256 | 08ef4e9363d8117bef551cb3ebc1370c066ecfecd10781b64a6510b7d2d8247b |
| SHA512 | 931fa97c40e7a8822dda69af856343effa794e304b3d22f8c5489db1b05440c2d84b9dae37a0d0429987aa4f0dd5b2399fe228b494efd1b8c27c12a4a522abbc |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 6e01daa318bfd658f941b3067e73715c |
| SHA1 | 2d34b1b70ce099640488836bd460000233f5c69f |
| SHA256 | cd8decf97f38168237f792844a5c0b87a046979975c699b7a4011557244619e8 |
| SHA512 | 526bd01ee9fb476148a445b4d96cd6e44ff916509550ca264cba8d77762af9b13c9ddb8e02eee8dfd4c9df0bd2c5d6918a91c5a73f9d530e8a88c09c2e058d20 |
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
| MD5 | bbc2f701f6397724ec997def851785c0 |
| SHA1 | ca16d57b0defe2f4f0bb4d14bea9baab5bc6874c |
| SHA256 | 083c0d95f234f624559e19a3be6de5bd304e0d0c43b68a78487cf01240bc08ae |
| SHA512 | d0efe173217fcac12c0b1c366b7742ff8d8eeb4e8689b73562e5b1ec57427b0b94b249efe05d63f8b14684a1a46890c9f89896b01882ab31bb0a601d13b7a49b |
memory/5116-5885-0x00007FF8A3D50000-0x00007FF8A42BB000-memory.dmp
memory/5116-5886-0x00007FF8A4A90000-0x00007FF8A4EAE000-memory.dmp
memory/5116-5887-0x000001F1FB0C0000-0x000001F1FB500000-memory.dmp
memory/5116-5889-0x000001F1FB500000-0x000001F1FB700000-memory.dmp
memory/4468-5891-0x000001BEC9F90000-0x000001BECA550000-memory.dmp
memory/948-5917-0x00000169DF820000-0x00000169DF830000-memory.dmp
memory/948-5964-0x00000169DFD00000-0x00000169DFD10000-memory.dmp
memory/948-5997-0x00000169DFE00000-0x00000169DFE01000-memory.dmp
memory/948-5999-0x00000169DFFD0000-0x00000169DFFD2000-memory.dmp
memory/948-6001-0x00000169E4B70000-0x00000169E4B72000-memory.dmp
memory/948-6003-0x00000169E4B90000-0x00000169E4B92000-memory.dmp
memory/4468-6014-0x000001BEC9F90000-0x000001BECA550000-memory.dmp
memory/5104-6081-0x00000291B3130000-0x00000291B3132000-memory.dmp
memory/5104-6084-0x00000291B3150000-0x00000291B3152000-memory.dmp
memory/5104-6086-0x00000291B3310000-0x00000291B3312000-memory.dmp
memory/5104-6129-0x00000291B3830000-0x00000291B3832000-memory.dmp
memory/5104-6135-0x00000291B27C0000-0x00000291B27E0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\H63C81AS\__bundle[1].js
| MD5 | 0d2154d70c76fc5344f471a8f6eeb327 |
| SHA1 | 7e691dc7fb01b930ed550d22c74fb11a9bd87d14 |
| SHA256 | 5526e08d2c2b8b3ed189cdc1c8de9d4596ecac1c8e7d0a70359715c403929d75 |
| SHA512 | 6cc7078bd68925adfc434f5db24ca13071a90c2381c8545a3f89129cc5e016acd6fb6a0891a0afa9bcaa524a2817ac0b75f4d7ce5ec320ba23d5acf7ccfa1c11 |
memory/5104-6159-0x00000291B4410000-0x00000291B4412000-memory.dmp
memory/5104-6161-0x00000291B4430000-0x00000291B4432000-memory.dmp
memory/5104-6202-0x00000291B44C0000-0x00000291B44C2000-memory.dmp
memory/5104-6207-0x00000291B4700000-0x00000291B4702000-memory.dmp
memory/948-6213-0x00000169E5CE0000-0x00000169E5CE1000-memory.dmp
memory/948-6215-0x00000169E5CF0000-0x00000169E5CF1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TYURQ4C0\favicon-196x196[1].png
| MD5 | e06f9d74dba1451d6cab5edd1581645b |
| SHA1 | 0f1352f4122ca56f7c4e93f207dd88c4758fd86a |
| SHA256 | 77e0c50614af96211739874ab95a3e7958a7bb4e956fa8bb431c6e6fd653aac9 |
| SHA512 | d5f0a7bb3026bb12be4101e4ecf23f954695af4696c63afcedbfb40dee3bc74327c72a632a6ee0e3e21654867a2c2420d60718f6c54af37cb4662e5313e317e6 |
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json
| MD5 | fd7a4c146148ed2666ee1f3bbd433e70 |
| SHA1 | e6b90a7701dedf0f4c978467d3f3307f0faac5b2 |
| SHA256 | 840df8d84d24c22324daf8a4e954703f18b2dcea79ae219308b26d3bd2e4120c |
| SHA512 | 293c889021fe05974fca0f373fab2592182139b4a4d3e4326f3092a8e8a48e1daa0123089bb62eec7122c6202a1e5e6bfa5fcf0e0a9b5c21a0c678301ee764d8 |
memory/5116-6264-0x000001F1FAAB0000-0x000001F1FAAB1000-memory.dmp
memory/5116-6265-0x000001F1FAAB0000-0x000001F1FAAB1000-memory.dmp
memory/5116-6263-0x000001F1FAAB0000-0x000001F1FAAB1000-memory.dmp
C:\Users\Admin\Downloads\FRSTEnglish.exe
| MD5 | 5a07604884b47a9a2c5bedf14cf742fc |
| SHA1 | ad02eb996205e3d88cdb4e3b007492f618897c1b |
| SHA256 | 8e07c5c499bdbe215b86153a4d157c6275780115062ce46c7f728caea7ef1bc2 |
| SHA512 | a24b76ed5e9593ce8fc0c2066929304adf27e6bbe37dca61a03c82677cc6f56bb2866140c1f62fc0aecc1cfbc249a146eefafa3b65b4fccfe3dd4eb5e52891ab |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | f7ed2e6d95d4518052bb07e168c289e6 |
| SHA1 | cf3bdd3a8fff395f9eb81263a9b158c69a241057 |
| SHA256 | 88696f28dd5bb2bbc9a4110e07e572bd307c5fcf994bf4d06a69783969f23061 |
| SHA512 | 4f68be264c1e997fb5d9254aef01f8085cdbb452d6fd6cd352674c8c404e446b08b45e32319db769456b171dae307af72d142189dbb8826a341e346850f66bfd |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 0b491c99e3b60f1ce0617125c783ec98 |
| SHA1 | d561fcacf5e6f6b35fb0cca665296035ad2acdfe |
| SHA256 | c57959a5e44a116ad44a7e88700e26052ab6bfdcec5ea359f9ac70c3b3571b2c |
| SHA512 | 1654adf897fe6a1ec4c71d1240d5164d868c423c93809e1f285fe75227ab035c8f621e7e774ff781fbe1af14cfd93b08d0675d29746fa0ead475906eea0311d7 |
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json
| MD5 | 6e8e3751bfc7bf938904c95d0b0eace6 |
| SHA1 | 09d76e99d77ce56862b23cff6a577ee38e9dea75 |
| SHA256 | cd2c38734bc06693e7806475b36cc65e473b98a84763aa867348c13436378571 |
| SHA512 | dadcaf447cd25d66d084444649f99d4c29567cfff447993f3ce3f0fb8ecd80a06e205766f655f4ae28f4c5754bb0b5ef61a16810be8372c89d3e6750bcff7e42 |
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json
| MD5 | a0d72b1f12d8b92efb88848fc4fe9a5c |
| SHA1 | 6e6b5e6d41e69caffb45ec79391e5d98634c1413 |
| SHA256 | 7c3f253884bc30c599d03ea5db4ba5e99720fe9a536e96dbc3a8b08e7584ba11 |
| SHA512 | 4b00984c2ef6b083e729d154fe2d5fb42f44fa743e745a3f9bad48025868b1e663e7defa3941ea050880162ca99e61eeb9de22010cd073debb666296a3df60d4 |