Malware Analysis Report

2024-11-30 13:31

Sample ID 240604-t2wr5sde27
Target winspace_latest.exe
SHA256 d21818fd57079745bbf23df611070c6a4fee748d6cc7d8ab4db509689b604594
Tags
pyinstaller discovery persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d21818fd57079745bbf23df611070c6a4fee748d6cc7d8ab4db509689b604594

Threat Level: Known bad

The file winspace_latest.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller discovery persistence spyware stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Modifies Installed Components in the registry

Downloads MZ/PE file

Drops file in Drivers directory

Sets file execution options in registry

Sets service image path in registry

Modifies RDP port number used by Windows

Reads user/profile data of web browsers

Checks BIOS information in registry

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Checks computer location settings

Looks up external IP address via web service

Checks installed software on the system

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Checks system information in the registry

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Detects Pyinstaller

Enumerates physical storage devices

Script User-Agent

Modifies Internet Explorer settings

Uses Volume Shadow Copy WMI provider

Views/modifies file attributes

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 16:34

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 16:33

Reported

2024-06-04 16:48

Platform

win10v2004-20240426-en

Max time kernel

411s

Max time network

548s

Command Line

C:\Windows\Explorer.EXE

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 2320 created 3156 N/A C:\Users\Admin\Downloads\MBSetup.exe C:\Windows\Explorer.EXE

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B} C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave" C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\125.1.66.118\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave" C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1" C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0" C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A

Modifies RDP port number used by Windows

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\brave_installer-x64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32 C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\125.1.66.118\\notification_helper.exe\"" C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ = "C:\\PROGRAM FILES\\MALWAREBYTES\\ANTI-MALWARE\\mbamsi64.dll" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ThreadingModel = "Both" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\kernel32.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.lock C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\wbemcore.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\Amsi.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\fastprox.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4B.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4B.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_uk.dll C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_pt-PT.dll C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\Locales\ta.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_606809565\metadata.pb C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\Locales\de.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandlerArm64.exe C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Configuration.ConfigurationManager.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\StudentNTP_Luke-Berrigan_x1280.jpg C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_966325963\list_catalog.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-cs.hyb C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\expapply64.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-et.hyb C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\StudentNTP_Ben-McCarty_x1280.jpg C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1632659101\1\scripts\brave_rewards\publisher\vimeo\vimeoBase.bundle.js C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdate.exe C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_sr.dll C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\BraveVpnWireguardService\wireguard.dll C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
File created C:\Program Files\chrome_url_fetcher_2212_1713553084\jflookgnkcckhobaglndicnbbgbonegd_3030_all_gxlhecuj7wt4iru2mmpk5afmoq.crx3 C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-de-ch-1901.hyb C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Diagnostics.EventLog.Messages.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\VPNControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1045159697\_metadata\verified_contents.json C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\93bc0d1f-9dfc-42ea-a655-460410a108ca.tmp C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-da.hyb C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SecurityProductInformation.ini C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1632659101\1\scripts\brave_rewards\publisher\github\githubAutoContribution.bundle.js C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyInjection.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en-GB.dll C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
File opened for modification C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Luna.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hi.dll C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lv.dll C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\Locales\es-419.pak C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\resources\brave_extension\_locales\th\messages.json C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
File created C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-ru.hyb C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\UIAutomationClient.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_ms.dll C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\nadeem-choudhary-1.jpg C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\5428_13361992907330456.pma C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D448EF3-7261-4C0C-909C-6D56043C259D} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADA09B8D-A536-4429-8331-49808442D24B} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE7ABFE9-8F8F-4EDD-86BD-9209FD072126} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3968E6D-3FD5-4707-A5A8-4E8C3C042062}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F1E58D1A-2918-4508-908A-601219B2CCC6}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{09F245DA-55E7-451E-BDF3-4EE44637DFF1}\ = "IArwControllerEventsV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F81B1882-A388-42E5-9351-05C858E52DDC}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460}\ = "IMBAMServiceControllerV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4AC5360-A581-42A7-8DD6-D63A5C3AA7F1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C510D99-F27D-457F-9469-CFC179DBE0C7} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9BFD0661-4D6A-4607-8450-2EF79859A415} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EABA01A8-8468-430A-9D6E-4C9F1CE22C88}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\ = "_ICleanControllerEventsV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MB.AEController.1\CLSID C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79D77750-02E0-4451-A7BB-524ACD93DD93}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ = "IJobObserver" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\VersionIndependentProgID C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7F95C137-46FC-42FB-A66A-F0482F3C749C}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2D56B7B-4B87-45A1-A6D3-5C77035141A6}\ = "IMWACControllerEventsV6" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}\1.0\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68E3012A-E3EC-4D66-9132-4E412F487165}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19E8B60E-50A1-4E29-9138-A13421D2BF7D}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0}\ = "IMWACControllerEventsV11" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B243B0B7-0567-4DA5-B8E4-A4CE22A4F2B6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB}\ = "IScanner" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5DA5CFCA-E804-4A2F-8B93-F5431D233D54}\ = "IMWACControllerV16" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8} C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\NumMethods C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC5390D0-3831-4D42-BD1D-8151A5A1742C}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MB.ScanController\CurVer C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\ = "IMBAMServiceControllerEventsV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F275D775-3A22-4C5A-B9AD-6FE8008304D0} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5083B4CA-BBA6-43DD-B36E-DEA787CA0CAD}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1861D707-8D71-497D-8145-62D5CBF4222F} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\ = "IScanControllerEventsV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25321640-5EF1-4095-A0DA-30DE19699441}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5083B4CA-BBA6-43DD-B36E-DEA787CA0CAD}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3498D9E4-6476-4AC0-B53A-75BC9955EF37}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c0000000100000004000000001000000400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1964 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe
PID 1964 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe
PID 4948 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe
PID 4948 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe
PID 1072 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1216 wrote to memory of 4932 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe
PID 1216 wrote to memory of 4932 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe
PID 2488 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe
PID 2488 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe
PID 4932 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Windows\system32\tzutil.exe
PID 4932 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Windows\system32\tzutil.exe
PID 1072 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1072 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe C:\Windows\system32\cmd.exe
PID 1588 wrote to memory of 2220 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe
PID 1588 wrote to memory of 2220 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe
PID 2220 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Windows\system32\tzutil.exe
PID 2220 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Windows\system32\tzutil.exe
PID 2220 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Windows\system32\tzutil.exe
PID 2220 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Windows\system32\tzutil.exe
PID 4356 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe
PID 4356 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe
PID 3736 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Windows\system32\cmd.exe
PID 3736 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Windows\system32\cmd.exe
PID 2448 wrote to memory of 2992 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2448 wrote to memory of 2992 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3736 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Windows\system32\cmd.exe
PID 3736 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Windows\system32\cmd.exe
PID 2512 wrote to memory of 3140 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2512 wrote to memory of 3140 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2220 wrote to memory of 464 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2220 wrote to memory of 464 N/A C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3736 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Windows\system32\cmd.exe
PID 3736 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe C:\Windows\system32\cmd.exe
PID 4280 wrote to memory of 2152 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4280 wrote to memory of 2152 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 464 wrote to memory of 3008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe

"C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe"

C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe

"C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe"

C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe

"C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c title WinSpace [Elyx] [1.0]

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "winspace_api.exe -e 2344aiusdefplk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gh auth status > lg/lg_status.lg

C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe

winspace_api.exe -e 2344aiusdefplk

C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe

gh auth status

C:\Windows\system32\tzutil.exe

tzutil /g

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gh auth login -p ssh -w --insecure-storage --skip-ssh-key

C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe

gh auth login -p ssh -w --insecure-storage --skip-ssh-key

C:\Windows\system32\tzutil.exe

tzutil /g

C:\Windows\system32\tzutil.exe

tzutil /g

C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe

winspace_api.exe -e 2344aiusdefplk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/login/device

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2eec46f8,0x7ffd2eec4708,0x7ffd2eec4718

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c attrib +h ./"Golden-Admin.zip"

C:\Windows\system32\attrib.exe

attrib +h ./"Golden-Admin.zip"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd30e1ab58,0x7ffd30e1ab68,0x7ffd30e1ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4200 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2396 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4884 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4436 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8

C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe

"C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe"

C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5RDMyNkU4Qi02MTU3LTQzNEUtQUU0MS0zQkYzMEQ2RDE1MkN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MDExMkVBNDctRUQyNC00QjhFLUJEQjItNDUwNTNDMzY0OTMxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI2NTAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{9D326E8B-6157-434E-AE41-3BF30D6D152C}"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc

C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\brave_installer-x64.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp"

C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp" --brave-referral-code="BRV010"

C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff79a8befe0,0x7ff79a8befec,0x7ff79a8beff8

C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp" --create-shortcuts=0 --install-level=1

C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe

"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff79a8befe0,0x7ff79a8befec,0x7ff79a8beff8

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5RDMyNkU4Qi02MTU3LTQzNEUtQUU0MS0zQkYzMEQ2RDE1MkN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7OTdFNUE2MTktODg4QS00MzZELUE1QTktMEMxQTFENDE2OUREfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjUuMS42Ni4xMTgiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3JlbGVhc2Uvd2luLzEyNS4xLjY2LjExOC94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEyNTQxNjQ3MiIgdG90YWw9IjEyNTQxNjQ3MiIgZG93bmxvYWRfdGltZV9tcz0iMTIyOTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQwNyIgZG93bmxvYWRfdGltZV9tcz0iMTM0NTAiIGRvd25sb2FkZWQ9IjEyNTQxNjQ3MiIgdG90YWw9IjEyNTQxNjQ3MiIgaW5zdGFsbF90aW1lX21zPSIyOTQ3NyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffd47b32c80,0x7ffd47b32c8c,0x7ffd47b32c98

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2008 /prefetch:2

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2180,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2300,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2440 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3356,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3372,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1844,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4116 /prefetch:2

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4752,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4764 /prefetch:2

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5236,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5224,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5464,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5540,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff75f0cefe0,0x7ff75f0cefec,0x7ff75f0ceff8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5468,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff75f0cefe0,0x7ff75f0cefec,0x7ff75f0ceff8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5724,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5736 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5272,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5976 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6116,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6140 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5688,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5860 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5848,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5696 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4912,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5080,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5968,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5528 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5720,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6436 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5972,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5600,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4384,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6280,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4768 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=5672,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6460 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=6396,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6148 /prefetch:8

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=1272,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6168,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5168,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=784 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5980,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6264 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4768,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6036,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5296 /prefetch:8

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6264,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "0000000000000160" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5340,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6456,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe

"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5824,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6684 /prefetch:1

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe"

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe

"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe"

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core

C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe

ig.exe secure

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 147.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 224.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 105.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 205.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.107.17.2.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
US 192.178.49.195:443 id.google.com tcp
US 192.178.49.195:443 id.google.com tcp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 brave.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
GB 18.239.236.32:443 brave.com tcp
GB 18.239.236.32:443 brave.com tcp
US 8.8.8.8:53 analytics.brave.com udp
FR 52.222.201.126:443 analytics.brave.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 32.236.239.18.in-addr.arpa udp
US 8.8.8.8:53 126.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 laptop-updates.brave.com udp
US 151.101.1.32:443 laptop-updates.brave.com tcp
US 151.101.1.32:443 laptop-updates.brave.com tcp
US 8.8.8.8:53 referrals.brave.com udp
US 3.165.113.124:443 referrals.brave.com tcp
US 8.8.8.8:53 32.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 124.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 updates.bravesoftware.com udp
FR 18.244.28.66:443 updates.bravesoftware.com tcp
FR 18.244.28.66:443 updates.bravesoftware.com tcp
US 8.8.8.8:53 dl.brave.com udp
US 8.8.8.8:53 66.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 updates-cdn.bravesoftware.com udp
US 18.245.199.86:443 updates-cdn.bravesoftware.com tcp
US 8.8.8.8:53 86.199.245.18.in-addr.arpa udp
FR 18.244.28.66:443 updates.bravesoftware.com tcp
US 8.8.8.8:53 star-randsrv.bsg.brave.com udp
US 8.8.8.8:53 star-randsrv.bsg.brave.com udp
US 8.8.8.8:53 laptop-updates.brave.com udp
US 8.8.8.8:53 laptop-updates.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 go-updater.brave.com udp
US 8.8.8.8:53 variations.brave.com udp
US 8.8.8.8:53 variations.brave.com udp
US 3.165.136.127:443 variations.brave.com tcp
US 151.101.1.32:443 laptop-updates.brave.com tcp
US 54.68.50.215:443 go-updater.brave.com tcp
US 54.68.50.215:443 go-updater.brave.com tcp
US 54.68.50.215:443 go-updater.brave.com tcp
US 54.68.50.215:443 go-updater.brave.com tcp
US 54.68.50.215:443 go-updater.brave.com tcp
US 54.68.50.215:443 go-updater.brave.com tcp
US 35.162.210.216:443 star-randsrv.bsg.brave.com tcp
US 35.162.210.216:443 star-randsrv.bsg.brave.com tcp
US 35.162.210.216:443 star-randsrv.bsg.brave.com tcp
US 8.8.8.8:53 componentupdater.brave.com udp
US 8.8.8.8:53 componentupdater.brave.com udp
US 8.8.8.8:53 brave-core-ext.s3.brave.com udp
US 8.8.8.8:53 brave-core-ext.s3.brave.com udp
US 8.8.8.8:53 127.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 215.50.68.54.in-addr.arpa udp
US 8.8.8.8:53 216.210.162.35.in-addr.arpa udp
US 52.24.49.71:443 componentupdater.brave.com tcp
US 52.24.49.71:443 componentupdater.brave.com tcp
FR 18.164.52.54:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.54:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.54:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.54:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.54:443 brave-core-ext.s3.brave.com tcp
FR 18.164.52.54:443 brave-core-ext.s3.brave.com tcp
US 8.8.8.8:53 54.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 71.49.24.52.in-addr.arpa udp
US 8.8.8.8:53 redirector.brave.com udp
US 8.8.8.8:53 redirector.brave.com udp
US 18.245.175.54:443 redirector.brave.com tcp
US 18.245.175.54:443 redirector.brave.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 54.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 52.25.170.148:443 go-updater.brave.com tcp
US 8.8.8.8:53 148.170.25.52.in-addr.arpa udp
FR 18.164.52.22:443 brave-core-ext.s3.brave.com tcp
US 8.8.8.8:53 22.52.164.18.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
FR 52.222.201.43:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
US 3.165.113.106:443 tcp
FR 18.164.52.85:443 tcp
US 3.165.113.106:443 tcp
US 8.8.8.8:53 43.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 106.113.165.3.in-addr.arpa udp
US 3.165.113.106:443 udp
US 3.165.113.106:443 udp
FR 18.164.52.85:443 tcp
US 8.8.8.8:53 85.52.164.18.in-addr.arpa udp
FR 52.222.201.43:443 udp
FR 52.222.201.43:443 udp
US 151.101.2.137:443 tcp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 52.12.90.117:443 tcp
US 172.65.55.248:443 tcp
US 52.12.90.117:443 tcp
US 8.8.8.8:53 117.90.12.52.in-addr.arpa udp
US 8.8.8.8:53 248.55.65.172.in-addr.arpa udp
US 192.0.66.233:443 tcp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 54.225.65.73:443 tcp
US 8.8.8.8:53 73.65.225.54.in-addr.arpa udp
US 18.245.199.6:443 tcp
US 18.245.199.6:443 tcp
US 18.245.199.6:443 tcp
US 18.245.199.6:443 tcp
US 8.8.8.8:53 6.199.245.18.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 52.24.49.71:443 componentupdater.brave.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.70.33.70:443 api2.amplitude.com tcp
US 8.8.8.8:53 70.33.70.54.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 52.25.170.148:443 go-updater.brave.com tcp
US 151.101.2.137:443 tcp
US 151.101.2.137:443 tcp
US 52.24.49.71:443 componentupdater.brave.com tcp
US 54.70.225.219:443 tcp
US 54.70.225.219:443 tcp
US 54.70.225.219:443 tcp
US 8.8.8.8:53 219.225.70.54.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 18.245.175.120:443 redirector.brave.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
US 8.8.8.8:53 36.79.211.18.in-addr.arpa udp
US 8.8.8.8:53 120.175.245.18.in-addr.arpa udp
FR 99.86.91.87:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 87.91.86.99.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 52.24.49.71:443 componentupdater.brave.com tcp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
US 18.245.175.120:443 redirector.brave.com tcp
FR 99.86.91.87:443 cdn.mwbsys.com tcp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 52.13.234.244:443 go-updater.brave.com tcp
FR 99.86.91.10:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 244.234.13.52.in-addr.arpa udp
US 8.8.8.8:53 10.91.86.99.in-addr.arpa udp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.10:443 cdn.mwbsys.com tcp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.10:443 cdn.mwbsys.com tcp
US 52.10.79.24:443 tcp
US 8.8.8.8:53 24.79.10.52.in-addr.arpa udp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 3.208.104.188:443 holocron.mwbsys.com tcp
US 151.101.2.137:443 tcp
US 3.208.104.188:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 8.8.8.8:53 188.104.208.3.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.68.108.174:443 api2.amplitude.com tcp
US 8.8.8.8:53 174.108.68.54.in-addr.arpa udp
US 54.70.225.219:443 tcp
US 3.208.104.188:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 iris.mwbsys.com udp
US 3.228.238.183:443 iris.mwbsys.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 35.155.232.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 183.238.228.3.in-addr.arpa udp
US 8.8.8.8:53 192.232.155.35.in-addr.arpa udp
FR 18.244.28.82:443 tcp
US 8.8.8.8:53 82.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 search.brave.com udp
US 8.8.8.8:53 search.brave.com udp
FR 52.222.201.43:443 search.brave.com udp
FR 18.164.52.71:443 tcp
US 3.165.113.106:443 udp
FR 52.222.201.43:443 search.brave.com udp
US 8.8.8.8:53 71.52.164.18.in-addr.arpa udp
US 172.67.73.98:443 tcp
US 8.8.8.8:53 cdn.paddle.com udp
US 8.8.8.8:53 98.73.67.172.in-addr.arpa udp
US 172.66.40.60:443 cdn.paddle.com tcp
US 104.26.6.95:443 tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 60.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 95.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 my-api.malwarebytes.com udp
US 3.210.52.38:443 my-api.malwarebytes.com tcp
US 8.8.8.8:53 38.52.210.3.in-addr.arpa udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 3.208.104.188:443 holocron.mwbsys.com tcp
US 8.8.8.8:443 dns.google udp
US 44.241.217.194:443 tcp
US 8.8.8.8:53 194.217.241.44.in-addr.arpa udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 54.85.56.152:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.10:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 152.56.85.54.in-addr.arpa udp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 ocsp.trust-provider.com udp
US 104.18.38.233:80 ocsp.trust-provider.com tcp
US 8.8.8.8:53 crl.trust-provider.com udp
US 172.64.149.23:80 crl.trust-provider.com tcp
US 8.8.8.8:53 www.intel.com udp
BE 104.68.78.119:80 www.intel.com tcp
US 8.8.8.8:53 certificates.intel.com udp
US 2.22.144.157:80 certificates.intel.com tcp
US 8.8.8.8:53 119.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 157.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 ocsp.thawte.com udp
US 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 updates.bravesoftware.com udp
FR 18.244.28.7:443 updates.bravesoftware.com tcp
US 8.8.8.8:53 7.28.244.18.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
FR 18.244.28.7:443 updates.bravesoftware.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
US 18.245.175.4:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 updates.bravesoftware.com udp
FR 18.244.28.11:443 updates.bravesoftware.com tcp
US 8.8.8.8:53 4.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 11.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 35.155.232.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 35.155.232.192:443 telemetry.malwarebytes.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\InstallOptions.dll

MD5 d1eefb07abc2577dfb92eb2e95a975e4
SHA1 0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2
SHA256 89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a
SHA512 eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e

C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\ioSpecial.ini

MD5 0f7e5554acd036d5916ace786f63f36d
SHA1 1554ed63b7286539433a7ac15ac486912317954e
SHA256 ca28973d2af9cf63521d05ba59e27a27a42f8f28a9196890576f533ab3270d59
SHA512 8e41ca8ff05a6401231bf3c5a2f93be17a53a8ead55013f977fbd9890355756a94487eacc4f092cb1a7c532b5dc0e21e97e5f74890b5f2944edf0d866b5c5c16

C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe

MD5 ee23014e2a607eab2887bdbfbd1b2033
SHA1 6693d015a5a13c243e8b574254a0bdbc3c0b5be1
SHA256 e01c68fbcee4c013c852c5dcbc89867835f029663dbe055cc827368bb44533d4
SHA512 8ced593d9bb7270edff419bd6944d288752dabb30cee996a948d2660069c4c774765b98e966c03f4be1da4dac818022d2763d5aa12aa37a4eac95ba5ba5a1f00

C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\ioSpecial.ini

MD5 7c070f1b9a91aeffaabf280eabc17b81
SHA1 969d8b8ef78426c52cb0a2a96aadfdb50264e3c6
SHA256 3025e10d0580d03768824928f03d74bc054e40ec33f560c2f67e177f53b970f1
SHA512 d22f1cc51dc2e834bfeb2576e8f88d833b8d61f79debd27d6c9ae78262c4668f47f41935103b1eeaac23cd112d5f5446866f731d19d0a2a6a40aa4773a0eec10

C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\System.dll

MD5 192639861e3dc2dc5c08bb8f8c7260d5
SHA1 58d30e460609e22fa0098bc27d928b689ef9af78
SHA256 23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
SHA512 6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

C:\Users\Admin\AppData\Local\Temp\_MEI49482\python312.dll

MD5 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

C:\Users\Admin\AppData\Local\Temp\_MEI49482\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI49482\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI49482\_ctypes.pyd

MD5 bbd5533fc875a4a075097a7c6aba865e
SHA1 ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00
SHA256 be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570
SHA512 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

C:\Users\Admin\AppData\Local\Temp\_MEI49482\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI49482\_socket.pyd

MD5 dc06f8d5508be059eae9e29d5ba7e9ec
SHA1 d666c88979075d3b0c6fd3be7c595e83e0cb4e82
SHA256 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a
SHA512 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

C:\Users\Admin\AppData\Local\Temp\_MEI49482\_lzma.pyd

MD5 05e8b2c429aff98b3ae6adc842fb56a3
SHA1 834ddbced68db4fe17c283ab63b2faa2e4163824
SHA256 a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c
SHA512 badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

C:\Users\Admin\AppData\Local\Temp\_MEI49482\_hashlib.pyd

MD5 eedb6d834d96a3dffffb1f65b5f7e5be
SHA1 ed6735cfdd0d1ec21c7568a9923eb377e54b308d
SHA256 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
SHA512 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

C:\Users\Admin\AppData\Local\Temp\_MEI49482\_decimal.pyd

MD5 3055edf761508190b576e9bf904003aa
SHA1 f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
SHA256 e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
SHA512 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

C:\Users\Admin\AppData\Local\Temp\_MEI49482\_bz2.pyd

MD5 223fd6748cae86e8c2d5618085c768ac
SHA1 dcb589f2265728fe97156814cbe6ff3303cd05d3
SHA256 f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
SHA512 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

C:\Users\Admin\AppData\Local\Temp\_MEI49482\unicodedata.pyd

MD5 16be9a6f941f1a2cb6b5fca766309b2c
SHA1 17b23ae0e6a11d5b8159c748073e36a936f3316a
SHA256 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04
SHA512 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

C:\Users\Admin\AppData\Local\Temp\_MEI49482\select.pyd

MD5 92b440ca45447ec33e884752e4c65b07
SHA1 5477e21bb511cc33c988140521a4f8c11a427bcc
SHA256 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3
SHA512 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

C:\Users\Admin\AppData\Local\Temp\_MEI49482\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe

MD5 e6f96b324c706d13150ac454c2ce05e7
SHA1 40b8525326ba394b3a9c10075ffe8be6472c5cbc
SHA256 945fa2a8d438a5eb0714c3056dc420ff6e742372dd944d1b3003216de6ff7b2e
SHA512 f08cc8ea7c99023ae2803c96cbe953423f6866f7fbb90945296e4958d523395277fe6fded1006b9534157c34f40f5668e36d3f44c9700df4e8024e525c7399a7

C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.DLL

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ssl.pyd

MD5 5b9b3f978d07e5a9d701f832463fc29d
SHA1 0fcd7342772ad0797c9cb891bf17e6a10c2b155b
SHA256 d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa
SHA512 e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_sqlite3.pyd

MD5 29464d52ba96bb11dbdccbb7d1e067b4
SHA1 d6a288e68f54fb3f3b38769f271bf885fd30cbf6
SHA256 3e96cd9e8abbea5c6b11ee91301d147f3e416ac6c22eb53123eaeae51592d2fe
SHA512 3191980cdf4ab34e0d53ba18e609804c312348da5b79b7242366b9e3be7299564bc1ec08f549598041d434c9c5d27684349eff0eaa45f8fa66a02dd02f97862b

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_queue.pyd

MD5 6e0cb85dc94e351474d7625f63e49b22
SHA1 66737402f76862eb2278e822b94e0d12dcb063c5
SHA256 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b
SHA512 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_overlapped.pyd

MD5 ba368245d104b1e016d45e96a54dd9ce
SHA1 b79ef0eb9557a0c7fa78b11997de0bb057ab0c52
SHA256 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615
SHA512 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_multiprocessing.pyd

MD5 a4281e383ef82c482c8bda50504be04a
SHA1 4945a2998f9c9f8ce1c078395ffbedb29c715d5d
SHA256 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c
SHA512 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_asyncio.pyd

MD5 28d2a0405be6de3d168f28109030130c
SHA1 7151eccbd204b7503f34088a279d654cfe2260c9
SHA256 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d
SHA512 b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

C:\Users\Admin\AppData\Local\Temp\_MEI43562\zlib1.dll

MD5 297e845dd893e549146ae6826101e64f
SHA1 6c52876ea6efb2bc8d630761752df8c0a79542f1
SHA256 837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1
SHA512 f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3

C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI43562\tk86t.dll

MD5 9fb68a0252e2b6cd99fd0cb6708c1606
SHA1 60ab372e8473fad0f03801b6719bf5cccfc2592e
SHA256 c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de
SHA512 f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06

C:\Users\Admin\AppData\Local\Temp\_MEI43562\tcl86t.dll

MD5 21dc82dd9cc445f92e0172d961162222
SHA1 73bc20b509e1545b16324480d9620ae25364ebf1
SHA256 c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03
SHA512 3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6

C:\Users\Admin\AppData\Local\Temp\_MEI43562\sqlite3.dll

MD5 612fc8a817c5faa9cb5e89b0d4096216
SHA1 c8189cbb846f9a77f1ae67f3bd6b71b6363b9562
SHA256 7da1c4604fc97ba033830a2703d92bb6d10a9bba201ec64d13d5ccbfecd57d49
SHA512 8a4a751af7611651d8d48a894c0d67eb67d5c22557ba4ddd298909dd4fb05f5d010fe785019af06e6ca2e406753342c54668e9c4e976baf758ee952834f8a237

C:\Users\Admin\AppData\Local\Temp\_MEI43562\pyexpat.pyd

MD5 5e911ca0010d5c9dce50c58b703e0d80
SHA1 89be290bebab337417c41bab06f43effb4799671
SHA256 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b
SHA512 e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

memory/2152-1322-0x0000020F8C920000-0x0000020F8C942000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bochmium.0pb.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb4ac2b8cc888f9e90d4fe2ead634a24
SHA1 c327858eb7f0cdf5d7d74ca85556c67fda63b40c
SHA256 5cd0c792c102b3e11aaa852853e24e31443e3d9975c557c7e8c6d955a3ab55d9
SHA512 afcecf2426e4b088de6fb0bd8fe396b85f988718f6fb5bd367c047eb2ee2387232776b98f16026743e4d69b2d2fecc2d0a54b6b69a9342f08b7035aa78720d91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f4610ee5a680dbcb471347872de9e21b
SHA1 6656a5410d52bc397cb8c3e81d60de0eeb9967de
SHA256 1e8bab9a25700e16358299018ed5464da743313c7fc9076c2d34f0aff763d80b
SHA512 be2043569f09deecff02ad9af753be07360cbdc715c634f5513356d884459e849ebdc4c3f8d9b1ec4df6889b6dc4bda6b4bc7620f1fc4a14e0ba60378f73239a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0b62e5e3db15c720486890163257565d
SHA1 65cc40e992a8bd9eb891e1ecc3965917a3fd3c1f
SHA256 3f5ffc6fe7282a7fce5bae8f14d9cee85286497b1bdb8577457b032ab79c6886
SHA512 df99a85f0d6a0825d67dc5e48d5d96a9419647d3cf148727fe2554bdac49418c19182e137201cf6dbd0bb4f0d32b2532e443dcafd472cebc4d1a7ff19f4f5e7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 923c64ed49db68c8582a3a56d715d6dd
SHA1 729b8cc0824143ae789cd0056b9121939d343825
SHA256 3159ed38a3ad882e525709f9ae4f0595d0991eb64dc4e2e067eab62d8aed386a
SHA512 dfd13708792d764a7644e403e42796ce8bd8d12798bfc2f667a3768f260399e802cbb6f53f1671587febb4edc8f3c15b658ecf4a97a26892d474a9ce84f502c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d6d32fd68facba40a24fe87a48fbe656
SHA1 dd555674d40abd345cf88894a2eeda6aabed5c46
SHA256 68368251260b291f32c11e987237aa5ec3749969f6ef246ff951b2cf830e322d
SHA512 a38c03678878a1420cd6de7ba4f379416f0944b064a151937bb4a4354f4cbf481fefbf551444d608029203adda5f8eaaf70870c2b1f117a55d0cf313949ee87e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 cdcfc12e3bfc949a23ada43e6b26c8e2
SHA1 b14e51d6a785a6f66bc796ed3f25fd9557de1880
SHA256 49cc7f206f6ea51f302edc5228a1e165346959ced8e4f3885c3133abd84c1eb2
SHA512 d762228bb9e7a88e287d8be3422035e645126a029969279ae7c7e28b5fa1c6c423db97e71e61fcefdedf124700f13d50ad7f5d09f18f777172d5a62eedd89d1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6d77c748a815affda97a19a2c41d8a92
SHA1 4e827c762ef5b586bfc3f7ffbd87ac2d36723e74
SHA256 701a731d9f61e7a3c3a2a7c38666e9b73d07167f5c809663defd7f84f4e6890c
SHA512 c06c131a7f703bf31730e2161860aaec194ae682075f9822cb4ea628a294cece98ae718f9db3bc909cb45231eff0ddf42e955cb3cb9b2113f38c1e110aedbf97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1a8a11b03440a22a9ae024b9ee811c2d
SHA1 0b937f20f008e6126be2ec3ced7b1d7f8e43afd0
SHA256 0cfe6f5311a5bbe96a7ff786811dcc466347f91d93176fec3168bcd24fa188fc
SHA512 aab3ce184407eab01cbe0a387583d77a093d1c3904975581b166ff268a8287bb62a3f2365c03814cf91f5df68e8f163521dc34097580ebdc6f1ebced1a507514

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 61cc73e861f849906db47b4be5c4f4c9
SHA1 37e1704c332dfad8949bce98d703e69291bff76e
SHA256 a5f569be9a5118a04e4365b6ab7e9c354415e08101f176236f4f0d2e2d771119
SHA512 7be86b3aa8e547d8fe33f8679a81e0f2291d09e34c8c51060a78f8d71a13c69a8ee61171ccf133cdf5f777ca0c7667e1b1edeedad07e998ab69a47c28bdb6bc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8c6e04a0c89f52075442ba6f5aea9414
SHA1 b0aec4edfdeaa7db186b7698b6e795cd8afaa14c
SHA256 08f3bc02f689b29f6d5b90ef11a2a898e07bc310e39d9b7762799afb170cb0b5
SHA512 aff1577c745af092a3c9a7ecaed87900a28b1d9d1d8b392fcb0715f35adf6a2fef882d6959f20f2c60acf89a9c0058d65f3c0e645553dc15d5713e0be6e8dc03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 e955953b801c04327c1e96c67dd3c618
SHA1 f9061d3780f153e863478106bf1afd85132bccb0
SHA256 e8965a2d52ef25918ebee58ab6971745d396177a7943acf1ed53a65bb4dddd45
SHA512 6318ff1eb838954dd73dab5ed891d47f4f39089fa5e899d30183c32269c5620bd09d169af4cf8303e3d5c2ebab23cfe9ae5d9fa5c3281023abb009f66a25782a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a1d91a45820c8e4ed3465573fe3943b8
SHA1 0acacfc99b079025160354c8401adf3c27654b94
SHA256 ac0640900e98e8bb4c6ae1f247923af23107ff98933c58516cf024bf3a199a53
SHA512 2102bc456f22655f4ac7e19ec4c2c7d718a688c20052c29ae3de3229d00c9e56148fd19c4cc6c99ede5c13bc2a6e56402b84a6a788f992c2d04ddee5b3b87d76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 bc8d9c845f997e96aa4e369c44b04bbd
SHA1 843a2369beb5009cdfa72eceb2a229fee2b08233
SHA256 729bd19c603b21a749e7b406a3bafcabda0b7ae45d9e522715b1440fd4f88cda
SHA512 e82f451a13642da7efcab3bc2f37a6a1b97164bb3b20342c8897a4abf5e7a4a73ce2f23f806bf4e007956ab514d3829d977c3dfe5e26ac7ac378649b862c0ec3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 e087a08c4a2c410cb2a1b64d01fbcd98
SHA1 c9717002de051a11e1500edb6650baec68873526
SHA256 13bbb3f2a49dc51a8e4026490617879394a88a96a2d59089fbafd140faa7e276
SHA512 7b1fd428b8fe2a8635b336ebf18910e1f20e7f4ddc05e21ac8ad58830d627762b2487b33821cbdfdf54e7f453c0b3415207f89ba676b282dcff595b98c46adf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c40a8199f87fcb99bfe405814d9f0f58
SHA1 5cde8ee19716d95c03474f7e038a38bf8ef100f7
SHA256 e56ce0920432fa3e1b929cef6e55e9a6d548fa9266cf0920931023539998be60
SHA512 3bf7ecc874130b07458d2ed4a690f1e995dace6832791a8bcdd543e78fed4832e7d3531b14977d10e3336201ec07a73e55fbd6ea0077e7ce9756de61e759860a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b159.TMP

MD5 080109caffb12266a02e411388353488
SHA1 9e3d3776b08869000676bf98895791d04765440e
SHA256 f638c322e07aebae620660dfaca931ec60eb76260c71168f90344639410c5ed4
SHA512 bbd2b9e6b0188828fba0a9989b1eeba11c5c51dc137fb0a41e9945cff9e2c4604801dfd211acba3606cc35d8c5edfe47c420f70f761c5ec456d290b680d3674d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3afe99c688432697d929ac3e6c531e4e
SHA1 a7aa87cc382e4b43c92e6cc9b93b590a28bee05d
SHA256 3eb5852cc02766adc416ad78a772bff36d4ce17db38dd950f52c8b8513b2b9e2
SHA512 dbf6b764ca4bb4b664961d6f4d06fba5fd490b48c29aabb6abc8d325f07d748cc85c1fa0e163fb2ad5aacca84346378d5d615522d6aa8b85436291620e832a3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ba43.TMP

MD5 3a0a08ad4fa2f6cf309aaec198302090
SHA1 1c0dac10ee4946e241f82056d17fedcb2bd942ea
SHA256 f538688e36a17b19193dc203489a161f9ee8dd72691ec0c7633895cfd8a781dc
SHA512 41dcf711fc029c810d6dbf160583d60493098fb5355a80d3b4944f7cbd08e446cc2f65a04e98cde089b73558b105ca6119fd1441a036492d3280f192e54b730e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 f7284dacd9314c4b9aca730b0dd12278
SHA1 3c772f75ca632813eee80ba14e71447b9523ba52
SHA256 b50d5ffaafa1f3367773029b0bfc39915cf83cef76fe01145272d6b6861073f8
SHA512 b539a1aa9244eb4b70dd2ca7075a0e200ba5f5ad8f284c17ea0e3bd893bdf3852e5d0bd13f2a4f2b311baafd370e950d8ab8217971b5451c34015ecdcddf88b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30dd8e2fac854cbeea74e804710f52e3
SHA1 44f1b460a87fe311cc8b8dfcfa262ad744ba643e
SHA256 852e11c880db340ae1207669e0d521a5d1831daf39d805ecb914df05901e76ae
SHA512 0126118770a319848b4f6d23ceb2371318f0e5f0a01b44084a0b42ce62fe3b039531c11b9c5155758aee3af3e059323157c1408f7b0b96ed0ad3371208b88138

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06bc32d1-f218-4ae7-a957-13f024417c92.tmp

MD5 5494c3109cc977ddbb44731e1e2953db
SHA1 8260a2975de7569006c99080f09f2d8a1676aa9a
SHA256 05fe0c0d2cbb1accd8fc3476133646915430165454b20cc469d3c153364f1523
SHA512 f1613c6daffdc46cf5466efc5fa2a3e3214bf7068f0de7e1b6e8b6a9b872c059c1b3fc17a6bcbce05261343d5058a56b03ec717d87270bc2872f1882b9c670ea

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

MD5 f0d250e7864b14a6bb54b3dafc8b6b36
SHA1 3b6bc2c3d84a5aa7cbd94bca399f2f0e2f28aa6f
SHA256 32c8a06d6b9f050891b9b379604d93b23b93d1ac4b4e65d84a9992e556d2e91b
SHA512 60bd3c103f8112b4f6495b46d3e74370f5db801ba20bbfabd114fa32a53e3bcc7a715b945bfae293aaf5d3680abb9b2b234cb32d7505b1fa298670340726e918

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3fed79592a428f9f67ee60f71495ab27
SHA1 ada0e926e71a08ecc7a5cf747968e9db428fc1fd
SHA256 74c0f6e8ee6e7aa41f85b64124333729d4a90dc193b382e2e8805cfc23477956
SHA512 f8206debd1310b90742b6418bdebfa76668a8d317a305b3e833808d6681f75cbbab29f773b040b5baf7b1c1a0164d6407220190e9c0a6e93d1f0566a0d114357

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3e72be7890a99f4d15327073a0ca3fec
SHA1 9daab665ed006241fa740a58603c1714c1dc9059
SHA256 06e5aa8a1be751b6e9490756197f030e9954fa61a702f43d03e9ef406b17ee17
SHA512 6e9b0836652ba8e283b1c6b582e2e969e0645759ce55d6580ce278f00096d48f38d025c5bd6ddc74f7714df495c088c2df4f200cd6a848fb4914ff9bf8690f1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 53a7682d0edf32852dc184dc8373647d
SHA1 1fb5655b12c6b11c0fa9bcd77312c90d176d93b1
SHA256 39c2eeaaed729d79684526179212df976a1179e80da07a562af312161b816491
SHA512 f70770416161ead90ff636da0e2eca29db0031368a369d50e3e782ee1fa463e28f6d7abb8d264fa40951ed2cad08278adc72bce4f978c44278f660f51f547678

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c10dbe315d959d2b9f9f3606473cf4ac
SHA1 54f7461ddc1513d21e4c79e40729647c77b78e78
SHA256 f3282abdc9385a6709f1cde5b3b8c28dbd6936472fa8b1f39abc3ce175e5a1d2
SHA512 31f51a9d64231d66786ff22625035e709c4fb9de55df1826445e1e5990a72dadf5084e956209dc8ed22809b4df5401727ffe85037a07492ec9bf37638bf97079

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 506ddeeab5d4d645d787257908c203ed
SHA1 7a77681ed5474a237bb54f1a082a17cf576200fe
SHA256 bce69bd515b3fd55cce6f5bd48369080b718aad3d42d589007fa7a022c5731a7
SHA512 ef53b0ff2f3400d1e01f31ac053b517a8618b6075f2c89623dcfadaafe24c617fc16223a17131e4ceead9e32572e24cf9c9b03a4cca0fba63b6679005139a6df

C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\setup.exe

MD5 ca0cdaf50b7af48efef8afa84a355b57
SHA1 08c59e77cc13fa8f7eae061a7d58cf2f7510dee1
SHA256 4ab81a1acba32e190e04a21e94a811351d020ed09ec7f3ea81a4e685449785b0
SHA512 b7b08551ab48e579d93b81eca285168d2ab69c33fe6815463aad36a9fef36f680656b4bdea1b65565969584f4f1adc909b6e8f2a68939527ba82d5b775bff97e

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe59a5bc.TMP

MD5 7736e969a57f599ac524e486ae9c42e1
SHA1 8546f5a2888ad49c9c24fb6621665585da8b2f2f
SHA256 931ba07b1dea20e206828b7548c4714a13f989051fae601cbb3414d99a563055
SHA512 6d94eaaeb4ea5bc4b2679b0c1d5157c929347939b95def56e62c382c12c676ba4dc75d973d1fe7b2c60e432d0891c773a9b45447ee214737e826998ea550af96

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 dc3a628b1846b32510e056fad4786294
SHA1 d8867a77d55906d97e2fa11356918e8ccb526a0b
SHA256 a7fb4532c56c5e1a7855453634f889628018b4633bb61c73d815a2dca93c2585
SHA512 e2677176e57fd1c6c03e72ddd83646e95e62de3e7766ff6042b922266b2bc1c768910e42b5b7c3786d8c394d1d53862801ef93fcb482b2726ec668a1a46a329b

memory/2644-3313-0x00007FFD4E890000-0x00007FFD4E891000-memory.dmp

memory/2644-3312-0x00007FFD4D130000-0x00007FFD4D131000-memory.dmp

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\34e0c301-a952-4bbc-94b4-0425db331c6a.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\51a24af2-3a4b-4389-b3cb-be73e4b2f9ce.tmp

MD5 dceb0cfa9b61effc8788488f43747572
SHA1 c43235ebfd21469a747e8a264b67f874e0400cb9
SHA256 4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a
SHA512 a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

MD5 c75766c7e2964f7f9fb467476d0370c4
SHA1 e83a6fda53d23d166a726a017c80276ea7cf8b60
SHA256 602b36cb92d857a6231d1e8d3df1dd6bf19d3aab33e9163ee319c4d4e294ba54
SHA512 22a17cd55f161d052c027f36e42d5d354d94a90edc5d49a69650fa0da5ad7747abd78aa185e1eedf5fe610b9409a822fa72063affb849d301c68c87d331c6b1e

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

MD5 04ba73fe6abd9068788e7e2b8188b625
SHA1 ac70151f86b2ef3d00ccb9da866769dca05f0cef
SHA256 e417924c20a4b5b7f1c70fae15f4c4309b9eeee9b69691c98baedb7ebbe5e508
SHA512 011c31484df258842ff4e31f00d917451107ca475ed689f994a03c71b9da22e2ae7c5b204cf20859ca903c6db27f1b442566a7798d0172fcd7ae5e941315d611

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_254ef2e5bbd09511f8417d8ae7b40a436dced204b888629f39601f912e259803

MD5 e5b08ddd037c546d397df82d0d6e7d3a
SHA1 ee2408b971124367954b1e29afeefbc6d6adb7dc
SHA256 254ef2e5bbd09511f8417d8ae7b40a436dced204b888629f39601f912e259803
SHA512 db6e6608adf8951a68436664531efc1053b06237f1e2f4d647f3bae703a6423c02e194ac250a2f2a92226755aa3f879a4562dfb0491c9423116c26724ffd47e6

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1360278192\manifest.json

MD5 7488b6d6720532f4a267d26c247141d6
SHA1 8c94c0b8a7da8bb87085cce4ad42641ad3e8a842
SHA256 fb5f4468336ac50fc71dee3568ed7bb2392952261076ea306fc9f4ed5972bde5
SHA512 8567b3e896b5dd0bb3608f3fd65fd8cefd284ec4ed5dfa2d6803a962ff41d2c7a59c933f4dc9b9c7c6f6ffc4c0e8e85f62974fe3fbb09f758c2025523355dc42

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_483128681\manifest.json

MD5 1ee6fefe3b23c7c7a8059c979886b744
SHA1 aed05f078d9b3da40e63a991ca07e36c99d67633
SHA256 ce710effc16c600f9b09699c3dd82c94ef60f63c98411d14dedb6c5dfc201d28
SHA512 9b609cd8afbcf2c53cf71dda6c235914155f704d7119090658b55ed96b28c950c110cc4a2955e0780a2efc79ee78bbf46a15ee65d7144ac991c6748a3f2892f7

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1478618529\manifest.json

MD5 25e45b88de59ae31ed14c753d0ee98a7
SHA1 a1193ba5afb2ec60d42b36dcb6456da21555b1bb
SHA256 7b65ad26e9cabb61c61e7f1018632e36fd342c29c1079b83edea2114b0d60c31
SHA512 a7f7e538f12d65b93af9d926b330ae0a3ba9ea547724a5a7fcfaa8bed103d1f3813fc12115bbc56ff80c3da384b74244ce37e58387cce9b10a1ccdf2f779b29b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_298499138\manifest.json

MD5 c2aa2d6bda7acddee117477137bb0163
SHA1 4ef6fccff382121d84c22101a7f4677cf056b22e
SHA256 cc55f3872699ff7cf5412491264f129c15738daa070001ea029cbf0a8e97dd47
SHA512 34f28a91396718921fcd6e77a08346720edff952ee77485c9ba76e2839d1f780df2e225b5adfa2dbc55d68fa7f731427bc52019a93b55f2f5f24cc29dba49221

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_584986259\_metadata\computed_hashes.json

MD5 31bc0faffb02de03815ff478ded0e47d
SHA1 15e926fae5f441bed88b98d9296c661d2c5c09e4
SHA256 21473aca0500caff3196c1fef89ec0d8ff5a9b2e6a5d0cb0f5e97ecd71ffdcbb
SHA512 7da261179228bb28eeb59399a7faee11e596c556ae10633701d490b4b156feb1a24c2f7df49813c906a0b1442396b6f0835776db54c2d65fed27c30a4e52c55e

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_298499138\_metadata\computed_hashes.json

MD5 e98aa4edfaa324f46eafbedf6632b1f7
SHA1 0e6df9c62a2118c0dec7aff6361f2baa1a368ba4
SHA256 465dc4f688d650f040e50153a85dda30f0954cd699b8ff4c8a8f78b754867649
SHA512 c6cd2833d35a684b35634aff94a60e9bfd0a58f7a37a8d3a11caab0ace3c71f87decdc8372cb0d2cd6f5e34174376f2cb8672ab1181580be782a076157576c64

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1384358609\_metadata\computed_hashes.json

MD5 8f954d6614a7b751ff59b171d1100903
SHA1 db313de735d364a90dacf38ae35f10baa25783db
SHA256 30b93bf098722fa2f2b1702542a1df32b40d428c02cf31aff1b0ffa34923d362
SHA512 494a82021d866dfb514f91aa2a4f816ac50431e1397c87ec63c122afc633257af11803f84bfeeb9d5ba3bde76985d2a9258b9aa6eae53760db17cbf80dd62644

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_483128681\_metadata\computed_hashes.json

MD5 b16a4fc1cd848f3310311affbd405e16
SHA1 01ccc719f9106352045caf1aea514489fe4194a9
SHA256 cea7302a41166422820c9c43cad70ff548ff88ce44c6f0e6a4f9acee59ec7cc6
SHA512 a9205276ccbcdff363ae5a8ff5e6d03e000efdb65662be6d30c56ae3ce0740ebbc1ee78b3950be8e86a034106fe9ad61c56f0bf78a4cc1d3e7d14566ceeae41f

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1360278192\_metadata\computed_hashes.json

MD5 35be4f9b728230644568bb742bc8594e
SHA1 ee4718273b5599b297bbe6917bd374ed57f49732
SHA256 d8bff8ba892ed75a5857dfde7aa24ee5194e31cb64488a350299db9716887287
SHA512 c16a9a34fab820616f386e30862bf4928fc271dd8a91e251daed65ab781751bc4ce925172136fab4ff87d4a4d2f6481af18544feb13ec2898e5585a594476877

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1478618529\_metadata\computed_hashes.json

MD5 fe5222483493fd135f737ee8d96c6ec9
SHA1 f78f932efe6131c8921262ae9ee131cf70b89444
SHA256 46a8f292cf4959371f87fc099e09fd279452654e56fa603299f7e512dbb010ab
SHA512 9a6d1f04cf4789a2df6d572d5fd516ad8b412530c86b4cc22588ec2405b5ec8e7bd15553aa2de01c37b5a8af5c3c7504c0251aea171e864620180230018162cb

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_584986259\manifest.json

MD5 6f26172981ce246f21dbc1d853ec9433
SHA1 a5461d9a26128670f2e2bbef2d1e7578f672a183
SHA256 21ca7a61f92685256d98dfc78b9844e7ca784afa51fa5530a3dbd3ee6d79ed6b
SHA512 bdefe588284e50e42abb743f3d04171823d2893a6d188cc95118be7dd292c6cd91d3eb827b54d39858698cb526b8e75648688b62bc463759e5b95b04fd09b847

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1384358609\manifest.json

MD5 77a056099653b11bee79b20aea9a815e
SHA1 fa42bca6ebadee0ce1beea9294372b7cda4b7444
SHA256 550763c0c6a8485169cce92fab5ef32ec642f001bc0ae98a024317895e40cd8d
SHA512 532e0fc9917d6409f771892557cd4e6b6ce926522131df42eace5faa22db9641502e5e6ef23e91094a0b65f85c7f223e2cea1fc05078d67f493babe446132d08

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1740893071\youtubeBase.bundle.js

MD5 31c947a91169986cfa3558f1ef9faec9
SHA1 50d23ff4bb00edce79a4160ede1545c2c87b5a08
SHA256 90f326796832682ebb6533eec08ea34d29e8a864f949e767e3c047b225189a94
SHA512 22f66c131abaa03d3a3aba5f1b03a9f0bc355e528468d9740262218e855c4219e891cfef463e4ab5e4e6559f6c49301fe2a70e8b342f5d3eb9c577ed262bce63

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_733423520\vimeoBase.bundle.js

MD5 bdf49604c55dcc6e0af6281c83158f68
SHA1 1352d66ba7ba76efc4f7e4bd9e8d79cf1142b275
SHA256 4978086aca3e6ebf5bdc84494f31a388ce7955fe8bfc043d75cc8306aeb437bb
SHA512 8c3c7d69ed8aa2177bd3e56b85e1cf51e98ab97a551df2e11d9b2fb1907503e5ccace21f895d5a61189d6c351ebd828a779e64cef5114c18905d19a1964ab648

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1207723639\twitterBase.bundle.js

MD5 a51665c6845913fa91a8cab79856f5e3
SHA1 bf2cb19406ad712c01799222ca1a98473b1430e1
SHA256 a4a6c8417714562e30af022a99cabcc3b53315dbdecd053475b141d94e4d687f
SHA512 e18f7fc6db3e30f78e963aa00246791642ae57f761869871839b67a87cba9e00e7b3f64674cee409544b5bd09c6f0d7ac9ef3c8195e49a2a483caf7a758c3241

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_348412708\twitchBase.bundle.js

MD5 4dff02b3222f25ae7138d884fefe8e8d
SHA1 58870f0e2511a66b961ee893b332c1241d235ea6
SHA256 0a21a4e6173432a274ca9b9ed8c13a4845675f20933a44a1d053c0d12a633447
SHA512 0d031ed3c86c8268dd3c01219b3690948f43dbf87870db2af12ab9c60b02b1c8212109848d358a5870a17b8d1d2599f71918690fa0e34aa4194f210e326485b8

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1466977628\redditBase.bundle.js

MD5 0e7d831110979936c383c74b060388af
SHA1 e9f8511b9862cfbbc27452a9463a78b44901de4a
SHA256 d046760e839f120547d179a8eb380cdfd07db89ed256d3b95bc975161d075ea1
SHA512 8a449257a396b0df25a19211cca28162dc12e5a22144b48996d09111181340d28b79c49610a7fcdc702b5571b0d4ad21efec890d39bf0d678f4842b1d93e629a

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_331801110\githubBase.bundle.js

MD5 e7cb1f457c1972065f9a5a5821ed022e
SHA1 e8d135731d52cee0975327c99d1a6b745937c36c
SHA256 a00d426c743f719cd74ad64441a8f7fdabbea566893c29b756754db91f05355a
SHA512 de79db36ae1e042121cc440b21a5f175b7a679192df11883f304debfe3c1256955e13724d47ee3cc874e63fdc9a0b50d4b57f16d8d127d8106dbd0dd73cb5dce

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_451d0b62d4cc56991698a663a1a06078f95f2e467689474b1855cf7f282c09ac

MD5 0fa521196465f4df2270dc439ff840b2
SHA1 573739a644b31859ff72feb2211b1ee8cfe2a339
SHA256 451d0b62d4cc56991698a663a1a06078f95f2e467689474b1855cf7f282c09ac
SHA512 f20027956dfb3abcd0a44159b2e51f1be371add530f2b4a71c19f5bd48c5ebe20c8d91d06a5d5eb107ee62fb8676e950343cc19c46c8ce0f56c73100a1377e4d

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1151920475\manifest.json

MD5 ecd445d0396c992a9cf7bf3040880406
SHA1 98c9ccaaabdb7417d141451ae5008ea3be47740f
SHA256 53345238bb6112fb0bdda7e63c5571fea7b452f1e1068b75a0aa64a23c96dc99
SHA512 47d045a79743ff6ec3f500d35320a736063cca56a57899b63ea1e861212d388003529cf4c66e19e210cf636b16ba06c057d7567ea9457dd91c643450efe8f7d5

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.89\resources.json

MD5 2c079bb8564a3542ee7aed484f256cf3
SHA1 000371676dc295f481423c0da5bdfbf4d1bbd9fe
SHA256 9c0b3cadfa8d2fb012bc721229482890dad0b0b0d490451b4b5189d9251a8fb1
SHA512 52a13014b05c8f8c13c4c450da309d08026f8ea5230506cc2f0d77eb6a6a6cf81c7aa8f6472946442652055f3b9e8325a1a82b3dfe47ad83ffe00cb1a5f3020c

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.56\list_catalog.json

MD5 5a71069189227e7c61490d0205b195de
SHA1 c0b81a67c431b0781cb3bb07b7400686056a1be7
SHA256 33f110f023c4a61eacaa7e0b5f670bede4c36fa27d649b24987ff505ce316070
SHA512 f82f17275d5d53e7a5c7741e2c03cd3e302c755343ca240f4f4e779d9c84a47b20e1d2ba452f73cd613b01225b4cc6453e53a8606c4f606082c81537daae3b41

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_966325963\manifest.json

MD5 1bb434da9f1b3bed945377bb15c0c018
SHA1 2b0dc6b3b116ea97bc04746878959c3728edd290
SHA256 c7e0bf97c4f454a9beebbb72d05d60cc36ae51e2b7a3f980e9a33ff085db0206
SHA512 9eca1653e85f1ad51384207a7eee914bfdc011ad52f78e657a76ebe7a7215780c44c6b8f609ec51d1430f28a6f8ff66cf79e08cc6f3131f7b7f7d2954aa3223e

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9009ab41a3cdbba572e9f4665f144adc8e8f3f28199b099d44daaaabd38bc415

MD5 de2aeebd5ae0ecb567c01e7e4d1738e3
SHA1 d3f1694b77cc46de252eed58fe46e9c69a7e27f5
SHA256 9009ab41a3cdbba572e9f4665f144adc8e8f3f28199b099d44daaaabd38bc415
SHA512 6044fe74376d46ac25d4c2768497dfb2ad67587e1b99d13fb091dd944fb519f47af094fc8d251d0cddd9141ea50aef3b1f72113a489be643fec930cdb6ffce28

C:\Program Files\Crashpad\settings.dat

MD5 21adc97dbc7995a6bc1acc11d3610416
SHA1 02aa6a753d6e548ab74e6d76d68c6f8938bc765c
SHA256 24fd745424dede8cf7ebab81ced3fb983cfcf2eb51925c08352b7d75ec41d1ee
SHA512 415be8fd09c03984d3f0acfdf6744045cb492ef3b56c6a93f9ab6b963a01f18487fa16c8c2ab6e686b75fc71606bb9528e4093b24cd8c3a53f72a7494b5aeb1a

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

MD5 57ff689022f2d93d2287ac3b48daec73
SHA1 937b7dc21193a27607340af7fb7b987b8ea50582
SHA256 4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c
SHA512 1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_181346563\manifest.json

MD5 32c91bf9b8f95b4b2330a1b7d8b6c359
SHA1 32589e12e041bbc42fb3a66c489b39ef380fc1fd
SHA256 cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1
SHA512 2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

MD5 38ebeda537c3844898def2e221b369b7
SHA1 871987c7781ea71dda78a03f33ef9e101cc08599
SHA256 16cec55e01a9832e53fe2308b8b7972c2355c8327127d14ede30c8821a1f6ad9
SHA512 4239bbc3b623de09d5f21e6e55606faa7f136ba9ad2dbc6f4de9408e3d9ea438d30c28bca628c6d1afc2200250a7e2aa7f9ede0a206cb02764d810aaab8f8884

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

MD5 3a03f3ab4119a23fa6b70a32a6fcd4b0
SHA1 5d047a5da7c7f388416aa50b5fba745bf5f36eb8
SHA256 69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f
SHA512 8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_38f6d34cafbd28c55e93f878caf070785f37f80c4031f4dec4eebcc7fcef4765

MD5 72b1bb6529362e1a54fccca4d034275d
SHA1 a3d8da5a3d05755208bde7dcf6d0fcc8af54ad16
SHA256 38f6d34cafbd28c55e93f878caf070785f37f80c4031f4dec4eebcc7fcef4765
SHA512 225934d7a8d7627f07cf65c505e89e8bbf448b8e8618f80df46e84d0eaef0c967d6644154ca47cec71dc926f537fb406e1421ef5bd340cdfcb42c193dd6e6117

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1617\photo.json

MD5 717a136707ccbb18204a098267dedcb0
SHA1 fc87e9a20c0267a3c11a50bd14d81287ec5fc566
SHA256 f19268087b06c907684f6438e7a7af4c28c11b722bc2c3cd93ac201dedf09e30
SHA512 a985c885c2f2eb7610afb5bf363bb28afb03d450184087b8ef45fd3b616b2715c6bce21e3585628442a3682f99d98d13a62aae3c015587c56ebed086565e62ed

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1526838697\manifest.json

MD5 52ffc88209dc290cb1c1699d3a87ce21
SHA1 fa51eef12f97a2cbb8e3afc54f2080ea0019ea47
SHA256 4e638c2c3399a3709fd0e759ced80e3cc25a6ad3762e8464f02fd24ae2a913cf
SHA512 5859fd265ea56f7bec6969abca662126f30b56c3e8cc3f2dc3140e37482db2db4d6a5b4d72bd37fd4a9a4d4d1847b1c5ef2d0dd37b3f03589fc6e7bd3b6ea505

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1617\0a8fdfe9-e5dd-42b5-9ca6-984d3b1b94f4.png

MD5 fdc46e748da8a90bb64717158a01ecb1
SHA1 5a108cdaf1eed4208bb733bbee476c48cb32cde3
SHA256 8029185141c208810318038d81b459dd742ee8f33ffd34ccf27781605e0cc4aa
SHA512 21eb3455d34b5f8a865e22a9b0bc694a626b519d216e7c2b6b2d85b83a0f0701e0482611062cce0f365fc9799c984aa509934acd9fb3b8d42ada3c155db59131

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.3705656094a72760ea5c7aca9e229b54669c39a219672cfa4d23c3b153fa649c

MD5 1e890ff5a734410001478628f9d33f8d
SHA1 b0d68ccc62bb70956be5d1fb3766f84efc391ee1
SHA256 3705656094a72760ea5c7aca9e229b54669c39a219672cfa4d23c3b153fa649c
SHA512 c6a52b30ce61127e39da473d0224340dfb597ed56475ad270f29c5a6a1efb66d523ea6d642de4eebe9eb133bcd8004ec4dd6404682d304a4ca730efaacbd87cf

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1045159697\manifest.json

MD5 8b543f50c4d67cb5956e085afab36b6e
SHA1 ad28c78fa7d26c90debb4d16dbb36074c00e0b1f
SHA256 b6f6a4462fb1b0cd3b395243096a2e8d7a13dfb6de0707db26d2a52892350547
SHA512 bc47c75b71feffbc588a0cdd1103470a6168abeac240153e5fb12d4d1bc62c2d3551e17d6305f64d437bb76745e5c7fb9c161f05c1162545c492457438418cf1

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.8c1f46e1fccb1c783de7c7c20d6e8098f33711e6f0c8d6747806a017e4dcac75

MD5 25744feb54cb8ff89e3777435fba2565
SHA1 cd6cff723b5572fc5158cfbdae9bcd00575aa21b
SHA256 8c1f46e1fccb1c783de7c7c20d6e8098f33711e6f0c8d6747806a017e4dcac75
SHA512 4c1d2af296bda0b51355ed0a18a5d71725198556b21775b83effa3c7dcfda6c8036113e573c32c15dfe9a17f4a166f72db455ce39d194d28a57428e47677833b

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_758659071\manifest.json

MD5 5dff1a50b2c589ab1a127b0d434bfea6
SHA1 2fa5759534795059d942e64862fc77d01d160dce
SHA256 02a9a124bbc2a5fe39f5f07b042e63bef30fae2493a5b0cd06141068ebb39ed2
SHA512 cfbd287407b1f7aa8d8ddd0743adae580090a5805158d1c1d0b300c43ed38e6001ab496e5d18ccbb7e3cbdddc9c2f46461f6a4cf95638ff052eff009799b3b8c

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.7066\list.txt

MD5 60d8f59a20e7086faeb36f52cff7f71a
SHA1 ae9b97d84e043f5a6505ef235cddd91fe14f23bb
SHA256 de3cd198cc2516da93cf17bda25a161c76df59391753c70a1a98289c9b6349f2
SHA512 20fa3425401564b69b3b4e7c6e75f21c5d4c4751dfca3e7167de22cd6bd06f17860f01191982ae2c29987ab4355d9797c879c5dc148d3efcd31b777b40ca70b9

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.158\list.txt

MD5 d32edde14dd31962009705578e060caa
SHA1 33a4c9a27b279cd0bcc4cc382d9d984070cfdf32
SHA256 7425348440a254c37c5a3ac69986d11df91b420bbded31ab503e56a04b2412e1
SHA512 39c6b6304ca3829773064ff4ec9ba22fe367fed629f08a37ddf3a2c6a0fe5ebc7632c2782d1c6f9f404a265eee634531cf5591e4699a21e27621df6867cf795d

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.6533\list.txt

MD5 7129e32ba0ea24a27268bf3c5585ba47
SHA1 0c4a6e53f11734adc45dea426f5a2a07b9de0611
SHA256 122598dbad5b09db220c8ac9c9ab52038dfe5cfb384b4df3e19036ce2aee32b6
SHA512 0047c7562796a26d518aba543700863bad97234ab45b4a435fc8b34b4928feaee1846b0bc00e36133e157667d001e749f27503898015164162328fb46a6ca07d

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1514630556\manifest.json

MD5 f2a695eb8f4ebae38be2cd3fcafca7f4
SHA1 f94b917461148af3af1273c1875e3c2725753f85
SHA256 0da39825d6b66e9375c2c9aab061b388b6c7e7ed7c17c6f68826045dd512c3ed
SHA512 f5056f28c3bbae8bfba1b591ff7594b0ee3d56838b12cbe6bb1cefc00e79225804e22526610c221b590d0bcab1882fa416e6da0a43fb56ce0697e9155b52e8a4

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_3b44e2149198ba0ebf71b9f7e274b69dc2093495c87ab4268fad575805071d21

MD5 cd3adfec7164728dd591d2e962de063e
SHA1 6e4598219a4696744489edc82ed1b65383d9a451
SHA256 3b44e2149198ba0ebf71b9f7e274b69dc2093495c87ab4268fad575805071d21
SHA512 382166ecad5c642d3eb6da1390c3de8d6d213dc99abc4f3f4d69f79a1d704e94381ad23418528ba7d0ac26237b4db391bc58078c735971c082a38c070987cd9e

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1850897593\manifest.json

MD5 2cbad97b322181a7318945d5354caa15
SHA1 bbeaae5b79661cdf981fc328afe0e9ada6fac0d5
SHA256 9a5f750ad9baac90c0b2a163ccca4b8fa2908e18159725f8651ef4bfeedbab2f
SHA512 aae17263db0db5d291fccaa87f4dcbed2db39a4b7bc63b05efb623bb50bea95a062ad65485c32421a9a565f8645a58f3a6e241374e8a7b75b46d076c4d5fa35f

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_9cdc82797681fcec823d1cfd0f00cc12f820d644073d48bbaafb8edfe102fcc5

MD5 c5d21e4a6a527c954bb6db82ac78501f
SHA1 f5fcaa6c90ff9c5dc5b52fe4b7520dc3969fbdb5
SHA256 9cdc82797681fcec823d1cfd0f00cc12f820d644073d48bbaafb8edfe102fcc5
SHA512 cb938e3d929329e464827bac19d188e920105a9875298ff7ff3aa8373af63eb98bba2dca7d08d6e8c883532db0f60940893ba485715f5ee99acfdc723d273219

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1934401053\manifest.json

MD5 ef7ed50cd46fe4fe9e88379d62e36b7d
SHA1 0c8caf795b5b08e16fa3b8dcec455740c2760e13
SHA256 cc7cdcc3ed449383b72359106dc7d984cd98c2b79f927f450b05d3093ec6514d
SHA512 9eacff47b7b8452d3e2ebc547cc966bc14fef09496d09b3cfa7063c4ce180e62ec910167c0ffd1e9ee2771bec74bc7231fbc9add9ef8fab94bbc8d95d25758ac

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_27ff1fbf4f63a52699ca46a7f9025df50db99dbd8f4120aa6aee8b7308900882

MD5 7fef9c3a700bf2837d879dd5bc1c439e
SHA1 8aaa9c2aac4b5c9b0a12121e3978e83d6c911c4e
SHA256 27ff1fbf4f63a52699ca46a7f9025df50db99dbd8f4120aa6aee8b7308900882
SHA512 1bbda96a0fdeadc34037da90994ef10f883d359843ad26d0736c39c8c884d6648de5f677484e431937b840cea072421eae99d8c758147e02486b78a75543cf72

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.6133\list.txt

MD5 c462014c026eb63ef3b934766efd7b56
SHA1 ee1cf7cbd10c00b065f0f206109a1d8e4c77c1a5
SHA256 1367811ec28f1877771485f63136c8102420ec0e7cb93151eda742e5e46b117f
SHA512 640ddffdc00bc8f4352b255097393968af58bbd642e4e3fdde15c22b1fe77ae1d37bd6f2ec4e2086b8a452136767e06a342692fa58d1b10a95ba82da6aebe696

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_157297876\manifest.json

MD5 f5067fc9381cc00ad79c379324771b3e
SHA1 f97fb7d976106b5f7544117a455ae16d83d9cb0d
SHA256 7f08b5e6338e69bc212c1f9e14a69e3512b37ba247480055e5d7aa9baef34f53
SHA512 8c693462ec2b402fbb92a99962d7c169f287d98f52b45282d163f09ba6836bfdafc36f0d05f3e7b084fae2d5b03a21a0599ca8339b0ff8b7a823d22c45afc439

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_53154d795a7b9ce7547f7682d040f3b142c5b73ea23c05ccbbafffdea95bd384

MD5 1b28e5e84f20412a61d740e141c7fedc
SHA1 643497e731dd7915072a18a08846dcdcc079509b
SHA256 53154d795a7b9ce7547f7682d040f3b142c5b73ea23c05ccbbafffdea95bd384
SHA512 82b57bb1b4b7d26c6d6d51f9462e3440b9a252b52f9f339e7776c4b5f04c243e1b87d566e4897bbbba73e2be6771d8fd91021f96602fbd8eacd74ca3bbd51b11

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.14\photo.json

MD5 9e7961113273ff27fc0364e1ad5c28a6
SHA1 76d8d1eea3a4f2423d4e4602dd7b254c919e52c8
SHA256 b9d166565aed3ab30c83d2126d636f48a6e502f65f6b09259053fccbcdc48ea7
SHA512 c9de055cabcbb23d24d38c0be70489a1f744c0724fc7da83bb55786cfac60fbe64916bcfaf679f8a9f0fc188f8c51f629816f1a6318aa46fbffc068e4a71fbf2

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\manifest.json

MD5 297a9945e57c8dbb0a8a37686ae8f9a3
SHA1 326eec5df2b7afaa6f8c9e023c68c149fb1e680e
SHA256 6fbc033719a533a6863ceb742335aa2de7b6bb3b8c9cab55579ad26134e20673
SHA512 269a7dcd03e71dd3e219e54d00145d5585b246ad8e3092af4a75900dce2f0ce10ca682192f4127a634877e511e86109bc68f8b44b6ef1dc62fe1fcf469bdb323

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052

MD5 26550720da0033f11c39b9286c89a360
SHA1 2e4b674d0894fb7ce59ba593f918f760e546749b
SHA256 9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052
SHA512 f51ccede383bf5a8b2c14633da44c075709a9f69254438dd8d1549550b232e7cf5c4520c6afe45a943d39a02c2b3f8bb54b5f53f5dc3499eeaa8df747d998112

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\65\download_file_types.pb

MD5 7aae1f30b2fe2adc7d9725b3b6959025
SHA1 e076252265e5d1563a656069e14ff767494729d3
SHA256 d4c314a43a880493dd8d1c579e1eaf1c7151eb608c0cea211b269251f8d03b85
SHA512 2c2852d1900eac5654f9d4b0f3182c5318a8eb7704706e443a2adee9a4cb8c04bb3e083d4624cd1aaf0386e27f4e3bb0d0ef3918c4a84827cf087f35602758dc

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\8815\crl-set

MD5 90120ac63fbcde0dc0dbc18afe9565d6
SHA1 1ed71edf748ed83470fa5de53d2bc9a81db03b0b
SHA256 5ff2f4fa3cda90c7f80662b8a85121d5fae6c4ae464f082eedcce60c9f548f20
SHA512 2eb9b60bbcc765ddeb9270e787aef76532e5b37ea7bc11f094b4ba02fcf083091c700a0f0826d3a5b56494e39b521c578fec90ba13c4e1a5db1e85a9c12e75ae

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 f4a8e596197f13b8c473a82cb6fccef9
SHA1 b3d7b0dbf1f4af4e0a8a8e5efb8a6c3af6fb5303
SHA256 1435d1c9c9e64b01d2f52718459d400456e31791825cd94bedd1f9d1146832dc
SHA512 e2cce8758d12e6cf30a08fa794d87fc05418739b2efb1e384bf3ebfcb3656780a844e989f5002a9cafc0674325e89d24b791ef3d024f959308f132fe799569c4

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

MD5 1fce1f851f5fcca16d4dca9fa348d93e
SHA1 7c1bb41c57968ca9b0581d239e5e31207a3a37e9
SHA256 8a951f03ff2e96176e24f043598733bf9e9b92810233c00f2af7bf4921451c38
SHA512 579efe4b816942905e27b2492afa314786258641ef956200849a8f89a8c56c6040e03ccd34f57f36a11621d2b2e69c5c06941b7e918658fc967444d723f6a5eb

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe59cceb.TMP

MD5 88527387003e5be7b6a959f5d470522a
SHA1 c080a197c890cd572e8547cef72dba5ac976f22e
SHA256 5c2581a77b72b72270e9d10fe99fb751ea7471e5edd53fe81cb4e03b08ddc155
SHA512 7c85da6e2cd931e32e6c70ca211cfe9bc3ce70b26a1ba56b452d67c7456bf3792d0de7f42cb5570d735fb5040f4b705de723378452c782812900004cdf4aa00f

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.100\resources.json

MD5 20effecf10eeb0456cc6f537c802f172
SHA1 8fb3968af27ad30c639f45a6fcee99b48ef79878
SHA256 044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d
SHA512 6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_9ac596926f05dcb30dd4917cd559f10e16381502f77761c5bed4d9438a737dec

MD5 a7e4c42e905b14cc01a1050d489a148d
SHA1 35db36d549e6c40a5d2f02d261beba1b70ab5658
SHA256 9ac596926f05dcb30dd4917cd559f10e16381502f77761c5bed4d9438a737dec
SHA512 ac7f0d431a4105dce0fc51b316c2243d0021c721c9420754e99b1773aa1e050246196b1f58c562cd2b81f8567a0814d65328f3360f6e2e2e94966bc5834b63e1

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.100\dnryisldmaqljgwaxeqbuuhuvrbboqlf

MD5 ace804b1b6bf107438c11cd283e7d4ff
SHA1 7e3c1d5b50f11f31a35286de0ccb4788b3ebfa15
SHA256 124bd93f5656393fa501e4cae374cb578330adbcdea314adf11e9dc6320ec466
SHA512 f34f36adb9335f11da0a63b3fba9ff19380c308bb17db1cf0b4c1f23f35f3b8074f6beeea7ffdf600fb97a452aabf23fbc64c8dc45719183b98c819e3029181c

memory/2212-4209-0x000002E3056C0000-0x000002E305DE9000-memory.dmp

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d8e07d89c1793fae44c184a8277773c5
SHA1 4f43bf7ec6406aa84ab3af1d010d5b2ee78f9cfa
SHA256 08cc86347b2f8b8d64f60eac38ba33938d88f7b17a6d568e97b1eb4730a04940
SHA512 784d2eca706a3075cdcb23eb1b7651111864a5770d757dc565c8624d52f7a3340050584d26f6792cb7d6c0cf92d84b5d384f5ba5a65c0193e7feaa4ce118ecd4

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 5fee7cdc668cca03011fffae691c118f
SHA1 7009f18de2be642314c0ed48562add3e8e5155be
SHA256 6c6a0908f00473b30eaa1b194b731f0c7e08d2dfe73cb1f3bf4b6348224ae24f
SHA512 bf37095d95a74191f3878d607db857b68f15798efe5665f1bde8b35ca11fc04d763cf5ebb222d23f936b39c578a2f85c842bac209a75a109064aab2de0643b8e

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cd71577ccf602bd6c279918c630c790e
SHA1 6047335ec2d29342814922f9ed09348354922994
SHA256 ae60a93baa0cae0f53d67d4b8d5cf09dbb839ec68932e3a43419ab783d0c35a8
SHA512 54598d98467233d74e8d734b3fc376e19e85370b94a278fc3d6d0f2755ab8860f5d7a3c727cf6c77a4c4b73ff97222ebdea77c15d37ca734311151d5343a5d9e

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\IndexedDB\chrome-extension_mnojpmjdmbbfmejpflffifhffcmidifd_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 339cbb80fe05ca0812aaed81f535c961
SHA1 51573bb460a505615bd10d3b54a39bc69e28c954
SHA256 f198e0a7eb165a933ffa022b31af5191642d62b15c2ec53c1c1816d7197ce8f2
SHA512 7058c51d702c6144a794566dd4dbd3729a77066c5ad621315c44ae27b8825e5f75ee7f8c36a2b04b1f0b4ca5b94aaafbe835bd80562fe198ac1a46b1b9070e5c

C:\Users\Admin\AppData\Local\Temp\e1cbc228-91f0-426a-9a9c-ad73cb8fef5a.tmp

MD5 4e19e70399076ab58d1160d0fa2664ec
SHA1 e7ca7e0f1895c6bf60a14d6fbb0ccd4fb10a3134
SHA256 b9ee60f31be0b7dc3f814c8abbc7caacb6a3e1dc7eb1504b8e831dd42277f8d8
SHA512 f6338b52cb5a80d960e6b1ec72a28538614782a75d0270cb89e911160c0a0e8e3a4d0f93fb902c70c37cc5f4da0529043776e2c0b59287096f976addb7e584d8

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 d4ade56ce660cde07b7770b3d9f48294
SHA1 7234561cb1963f34072c7bf4ff7d859d7f5a169c
SHA256 15cb9d6eed6d4a14d0a88e53995b9629ec2fc5bbd17e7fa5784b8ceba42759dd
SHA512 e96555133e82e7c82c6a654936bd546c0679031f2a86d27012f15cdbd529009ec3043b529a68ae05ee4ed63c4bdba10895c23fd1fbc6c7a0957c281202c2388a

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe5a49eb.TMP

MD5 8840701bfe0941fb80211184a9e1399e
SHA1 694541d9c56568d7879e4db3baff0fce273c379b
SHA256 a8f83ab446f377820b32eda6f920204aa972c414370c1deba7dfcdaf5f0bfa46
SHA512 302bf0293531d34067afe1c153a4fdb7a3f82aaf7e12345efa761c24901270b3b89952319394192a0e85a918c2a38938ddac39760012735cde5fc3f42d8e7213

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

MD5 91a57bd7bbf5ad900f18ad72fab7b3f6
SHA1 243e218ce1707191dfde3c48d38ea8629325219c
SHA256 3cb79472c1b22a7496f7a4fc097b96ae7f1fa3b8dde136f93a3a9e61719259b9
SHA512 2c931b5d58c1edaa928f22ae01df44117685f985800cf5d58bb496efbb13e3193c9f638733e6f7c8f04943996c6591ebeb7d223341f19776e9e76af2efba5767

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata~RFe5a4f5a.TMP

MD5 2ebdc33d3d6469ea0bffe796e1b1f9ed
SHA1 12be21b8529321766516808999d879a77cd028a0
SHA256 bea7e7f7e2e70776a6d16027eceedfe0c8a39368fa1a87922a8f2af03dab5502
SHA512 3fbdcb148564732e55447f8d7b2e68a7f18f842dc47351c7762d048ced2cf56a5815190d305a8629ac38ee78ff66768086f99c5c31324001b39e528b42d9eb8b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 057413d905cce6920ff06e0b949f6bd9
SHA1 ca6e00d7b3f618a894033420d035d4839662a882
SHA256 3791b483e4eb3a5bb72deada15a0c1571a01fd9810ba8ed735afbc33625b45ef
SHA512 3eafac0952c22d493ece30ac1b8575a8c7adde6905a41ff95c4437b7f78118a5a3f10b440b53880f42d44ced5922f572dddd97a3c88c4b5a16e84b4623287d69

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 8a95b880bcb209fa23d0860457d2ca08
SHA1 f88ca0c740e53c1674912bb2b29b77bb435dabe7
SHA256 fc6f3c660c3210167c09abae205e5611be3ea4092a3077a2b57d89bac19d7fe2
SHA512 9db32721ad754d3903c526eb3151f2d260ac1b0e6c4532938e2991743fedf35c9a7f205951d0b77137950191b7c8479c983c71473bf94033ac083c18c7d40885

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 acc6d46e7c5768611629022f09e7ec2f
SHA1 8286f0e86af8b8ae3d2f7ccf1d8bfa5cc6773fbd
SHA256 090c0a40bd254081b1871f33fbe2789387fa684794087d33cbf3f4e8bd48f273
SHA512 f11d8fe82e01ea10d77a4f5f76eaa499ba364c695cd81d873eb8d587470abd1c31460a26eff5cbe2a27848a4b4fa0da39dc3ef8c655cec4953b85c4080d991ec

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.9d9e344f2ec01a105724988c1eeaca6521d2136dc519e481dca8ca54598f88cc

MD5 2c145ff41e457b1e3181faeed6ef2542
SHA1 5f15d83e676e856cca536b8a6e3a5218b9feb9d4
SHA256 9d9e344f2ec01a105724988c1eeaca6521d2136dc519e481dca8ca54598f88cc
SHA512 06cf7ec3195a0b8772a3bd3e54b34792479627c34cdb26cb46d40aadaf7ceb27cc8381bc64a270130ab0ccda0ec98fe937a70d03ead79bdcd5b3d61a661431ab

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_204782721\manifest.json

MD5 b602dd5374097110028a1f7242de5f45
SHA1 af69f4706e07063da5629a47c586b82fd5bdbc02
SHA256 85b7ea896f46bed2df9eedc9ca3dd5f3df561ec48b32c93d91372f85def192b6
SHA512 4556ed9d0aad065c1b243c50fdbd85f95b0f6d35c070f5a1c53954f777069a03024d574445191b6fa08c9b7102f8f3c977033b14dbc53b9ff89736f7fec3d798

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\975\crs.pb

MD5 51c912244e7ecaa42f87eacf5dec3d64
SHA1 6c1fbe878e822b41dc5fd8f8b6fd71c6555a74b3
SHA256 cf405ba3735249f0fb97d3d822289737ddbaed63ba60a27fc6732c9f1705668b
SHA512 966fd17bdeadc56b8f2a36cf78762cd981aec763a7f00027ca05ffa20da2c318773d0fb39f0ceeed86b49d8aa04544fc87a73ecc9dcac9e54d14b9ba52b7dfbd

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\975\ct_config.pb

MD5 01449f5931061dab40872b7c516a9519
SHA1 73f5ce7176e2fb9a1387439a815086a27249ee46
SHA256 263b95e989de258f52164ece8a89aaee8c084d1f2ea246bfc4ce49bf744ba44d
SHA512 cd0f9215389bc92f1165a91680e22bf12bbc20994433182bd72dc2ec5e7d1516092c66c1f6c7c323cb337281b6dce8eab5c936e06afe3ea1cf79b0100fd9555d

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 affa259e1db215c1cbc124d2958ef24c
SHA1 57611040a76601aba6b802dc12bb1b85891387aa
SHA256 5e8a36200feef6148934a21b052a684c88059f1edf9e0f0e5fdabb05c9966517
SHA512 c3fcec4ff37952a55e86cd139e89b0ddaa428111c2d31154904ed0fb5cdd0c4ecff31b660a5f3119bef0af641f873ce978fd426b8bbca874d77fba4aedebd44a

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.40530dd93ad0a5f406a909a50c9aec82f6be28a61208ef052823ff0b59fd3bdd

MD5 60c46334436dce0960fe998b649c2d68
SHA1 e56fd352746d08ccfe2741cb9108ecb7437b8ebe
SHA256 40530dd93ad0a5f406a909a50c9aec82f6be28a61208ef052823ff0b59fd3bdd
SHA512 752c1fa06c46e4f5bf0c4b847546637030d02b5474347102abb5a525940096ca2f590af0e3498cca4020d16dac3506931f3aeaa22c52ced5ff9d056c50ff5cbf

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1516543154\manifest.json

MD5 55d0da4886efa9d373256980afe0b0c4
SHA1 495d838f50d5e76226480487be4770fdf289bf2f
SHA256 816e30826889f2e140b03e0c7cfdcd31dedb307c30712b017843080b271891a9
SHA512 0591312ee7c3e51cd0b2c13cd97aab7f65fb8fb1eaf65ddef3e3a7a49218893e1827ca3b217ecacfeb02bde8926ae81ad893db1031b2e891d2b06aff6a6d5327

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941

MD5 be4bd6e1ff889a7bbfa11ba79fd1180d
SHA1 5afa96a648721fc9d5e5679c0beae33986c13124
SHA256 905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941
SHA512 78a2aa93d0bfd933cf3300c2f13004551ddfab104a4ff63841505041510e60d327a803082091b9ad9dbb55744898d2c145b055f495ecc311df65abccf192324f

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_361730170\manifest.json

MD5 225c08f039684dfb54aac162dd9d5b9e
SHA1 426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3
SHA256 98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c
SHA512 d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2023.11.29.1201\Preload Data

MD5 aa3ef996bce08a9c34fe513d078d1ee3
SHA1 21688d164d442d37fd5471e13b41b1d216f88d37
SHA256 09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039
SHA512 285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

MD5 ed26416e1250cc5a312b34d432a2c104
SHA1 353566351ac2d548da07d43a6a554e36f7ad20c1
SHA256 bf54ae5cae0049b9a3843cb9b70390f626b62c22a3d92777e46e89d5ab0dbdd3
SHA512 0246a663c3cea112fa4330ad082da6e96704c888d11243556a9f2aca209a1f65673a1edde0c2f05e1dd9bf0e2efa88a894fbf1fb0b94c7842443027368c74259

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe5accd7.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3030\safety_tips.pb

MD5 87fff766671c837c18e55c6b97e560e1
SHA1 95466b0c2bc75aefe70b1de6ea907ff2b9b220f0
SHA256 2f2770d56bf02b605745ec87cf6c5f04238b6c49aac69e957ce3538897076ce5
SHA512 e2620e6cbb331252bc718f779d607719a8bcb1eaa43485ed6933c13ba97c5013355a9ece522a0364633bf5eb05051c29b93cf38ec6b6d5491f8b4c0e78e11f66

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_2035095960\manifest.json

MD5 e0af88ab9c07ab73d12c59386efce120
SHA1 5d3b285ce17fff903ffe04dacb9aec8c92753c21
SHA256 d91a5fef482dcf8f7f40fdbdd3be133aa8452fbab6386bfdd37c654f2d5885d1
SHA512 abe0500b687474bc6cc42ad2ff2521293dbbcfc88c9bb1b307558f747b0532563df4dc79976635b6c897f77096234cc239bc98fb8882f28220aa0231fa0cdff9

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.888ebbd183d017421d0f23a0a1ea9eaedffefd772878d86c67536c138ef62ada

MD5 b173dbd5ca315b732be8248161124804
SHA1 0083e57ea026113275009cb9cd111bd211578e17
SHA256 888ebbd183d017421d0f23a0a1ea9eaedffefd772878d86c67536c138ef62ada
SHA512 d4cb2a881e157a6d71fd5afc0c1fe0cb343de0ff019ab8778bfcbcd731a2fb8e28336986c603a3e354d9889e2adb68ba6a40fe7df0cc1fa5832bc000ef1624e5

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

MD5 e2f792c9e2dd86f39e8286b2ead2fc70
SHA1 8a32867614d2a23e473ed642056ded8e566687f9
SHA256 ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7
SHA512 6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_944904053\manifest.json

MD5 4aaa0ed8099ecc1da778a9bc39393808
SHA1 0e4a733a5af337f101cfa6bea5ebc153380f7b05
SHA256 20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d
SHA512 dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

MD5 636c653ec2c30bb767533901a18669b2
SHA1 4b5a01cfea4c5deb62f3aafa01ef24265613b844
SHA256 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a
SHA512 a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\7z.dll

MD5 a144e24209683e3cba6e29dab5764162
SHA1 ab2112cce717bec8f5667721a072d790484095ec
SHA256 b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348
SHA512 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

MD5 2ac309d48a054c8b1d9ea88bac4dbd6c
SHA1 7507922d88a9cb58759b5326fadae5d0c87f40b2
SHA256 c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70
SHA512 870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\manifest.json

MD5 2617c38bed67a4190fc499142b6f2867
SHA1 a37f0251cd6be0a6983d9a04193b773f86d31da1
SHA256 d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665
SHA512 b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2024.6.3.2\metadata.pb

MD5 cfa2704b71fde6dbafc4d53c61bc94af
SHA1 46fe762b3e5f27c279fc552628ea6afc369537c0
SHA256 d072604128d1dbd0af4193619b0da5fa6659d64e440a6e205132e52fe7465d2d
SHA512 bb8d541a92a093ed0111e0e317b4cb974a3ed3bde5079196dbfc92ae22039080628ce5b1dd78d3429a432b3959d0722301029300d443dbe53e9dfd1a22e75d3c

C:\Program Files\chrome_Unpacker_BeginUnzipping2212_606809565\manifest.json

MD5 ffef0d95a4a3d4066df9964d3d05cd7e
SHA1 d2369ca3be774d52fcc22073b7121224d664bdc9
SHA256 7af54604a99c2fe906a4c43367d835d5b5c565ca5582b20032a310c9fa3a5fc0
SHA512 9cd3021d42e376beb976f62bab269ad7f3e66e922135492145aac4b7bf8f5f71d4188901e2336117880eda7fa939a6b5f2bad33df16d87de59780ac509763a2b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.3b4be3a43486e90772899884714419d61a4b5e6e55fa7397867e50b4763ccb35

MD5 bc57d92b97ff3085773baa772c0e0003
SHA1 59f44c261776a2e5765e979395db3ac0d282b835
SHA256 3b4be3a43486e90772899884714419d61a4b5e6e55fa7397867e50b4763ccb35
SHA512 9f37f0a299c9015ffbdbd4308631dae07e594f9665183f143fe94cbd8aecd30d4fff66f0310a22514e6eaa68847aa08f3be6697bd50328ef602656f1d96b25e8

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

MD5 3143ffcfcc9818e0cd47cb9a980d2169
SHA1 72f1932fda377d3d71cb10f314fd946fab2ea77a
SHA256 b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7
SHA512 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\MBAMService.exe

MD5 31804b530a429b25e5763de3e7e5238b
SHA1 4d8eb7342a2bad8318ac51a02b7b55f978178422
SHA256 1541c57f87f24610dff7a77af7e932992ef574d16ef3c5e7007255776951ee3a
SHA512 efb6d78ad79c6edd8378640d2e6082320936b20462279ace63b127602009b06cc7097c822706cdbdbf9603e33372bfb5c8492c0319030a687589def37ba3c416

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\dbclspkg\MBAMCoreV5.dll

MD5 9bbcbee54b8adda7eb979322ee9c803a
SHA1 82d1c65ae32210b6ec3df6c2dc5a395ea6b7a9ac
SHA256 fe5c67c1e19c1137a4d4b3928d8b37db1845ac6d4b3f13d7b4d4bf4b325e331a
SHA512 fc0637f2f55698775840720480bc65fd40911913a509f0fe70cd2653aa2bdfb0605e4db24283da56a83ed7d74eb5837d2eab876c3025a94606bdfa6715ce19d9

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 5e0e2d584de048ec8e1d96a8402b9074
SHA1 bc939970e17845f19b5487ebc0f1962aa4f5a756
SHA256 2b7b5bc2a6db622fd284281cd712081dc0a8c2650ac55133a96d2a719306f41a
SHA512 8481bc8a5a7188e3d242f426d9daee162ed372101327ef6c452bdabb64cc3b5c38814715705d8341303a3ae1b377e6a0c77b8e0d7258376f563af8f9d21131f9

C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 1f86c492be95dab733c30fd921bd9b7e
SHA1 6a54bfc25b17ea449061a6fe79f17098e0bd577e
SHA256 b7948c5d0d94c8537cab4db81fd8dedd473cfb48ad3cfd9d3e9e6d6dead4c218
SHA512 3a43c1d4b925f11c4e86c0d27b2ed217a9220bd7e994ef5827135f7738a80962308f7b110cbc90c372b6280e51e400fd590f4a287a89efaf105e32fa91a3831e

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 dbee8e7bbcba63adfa242c00f228afb0
SHA1 6aae8d9e4053cb52a2f1b6847e65ec6335dbc0fc
SHA256 c01415842abaa4bb6ada941a44c132a4a41c55097fb7e931decd04e8b5d6d380
SHA512 1e82896df024fe6a2390e415bcf8dd92f71125639daebed99e115bd9ac219b5667201d29c6b2390a2fcd505c3780ba112ddfca128137b665da0cfdbd4d63f038

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 23f1360ae0e948d300f0f62b53200093
SHA1 e44fd6f0248e0a02525ee67664d83b535d9cb7d3
SHA256 40dfe0689b744e0812ce857f7221ff85431ca37315d9b4f75ca40892af5870da
SHA512 6e34d2546626736aa26b369a86745bdb9816138244fba3d5b5e29de4585cf4e66d52c35b5c5a577f252b62a137e340dd9de36c08a06f5395baec5a726ffb5222

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 ba93a610ef03b9367bb29945e5a5ed76
SHA1 b5c1ca79a1807526d7a1d2bc78e3d884306db624
SHA256 540670b243f7313c1add13b2bea75b8cad47b7b756ef08c78dc2f1218eeb16db
SHA512 1c7df3a826d5bf0e1c23ab395ed44e0eb9f036530575aa437fa8a86cc85f5d3edb056c9472261ed758fef6df09abe6b7526fc758e75aabf152a08e59d800f9a3

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 53414889efcd761429a02584f4572266
SHA1 dea704d877a6bd4fd8a5d5631b43ae2697c3c6bd
SHA256 6233fc758d2f21428456231a43aedf0cce75c2ad40e474eaf17afbdc4531ba9e
SHA512 5d3b580738ff84e9420739193b9278716315afe3fe21ada51bb451e655c0d2d26af773ea38f57155e05b196fcd2c79d498085daea9025bc5664da1a3ea1037d6

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 30c4d3e8081eaf370e71f6c4be8971f6
SHA1 417969cbe377c981dd8a9e40cc5757a5d2d33f24
SHA256 6580c485c66fba67108801116067d8c2987990717c641c84c0226f8a4063bfbf
SHA512 f182b227e25cb573a1d45458995f8eeb63ab3d9fb9ee42db37ef817f6044d7914d2b1468f83dd2f5cd41e3a9c50d5656fb1b41ce49a840d45d9499dae9c385e8

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 5a16d7a7f0b6423b745c5d8c1a7cb7a3
SHA1 88cd974089a8a744a2238592d4e9155d5842d853
SHA256 1a84ac95afad7516bf7c4b8f6e61586da94e7b6b31ce630ff3f989e3f26ef46c
SHA512 b0e3bf431d40fb27f23162b515333b6cc1ed8d7653a10c16278e9409c21fb18a8a974cdcd7a36ae7401f85feb8eec54f64ee32232a9fe26d25653296a0c6a548

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 77cdebc72713a496425b91459cb5d139
SHA1 e79b2224fa6bdd94dd03b1213cd2aebbd4b46e9a
SHA256 b041c21f6c1cbc368053c3929432a02e7e4d7597c64d73f60ad1d832b8edbfba
SHA512 a39d54bf00d0bef5cbf93ea58f119725b2ef61623313a31a86346777a21ccd737b7b35e9cac815f79049e21c057e7aa6493d0b2be8606ef6b70b354e01cee81c

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 8e9ff529325087a35547b8aec4ed4d70
SHA1 256e35e707c6ac1665f1912041adfa55bba77184
SHA256 ce3e66a29f93929bd50b70d09b6e625214b88b2053470b3af905d24e16584fe0
SHA512 a5374868bbcd399a03b2b188da06a69a9b429e60ec6ab3601065c1910e86dc3badf304be79d8023ccc77aaed221bfc9c311073881add101d127c4278b9cbf1fc

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 000d010ecd92f1bd6f0c613dcbfdc353
SHA1 f86dda96899dce54e88ae50b87a417002dfb5a3d
SHA256 ccee58a15be2194f3ef64ccdc18bbbad0b140155ffaae2608791aa32bcff5ef5
SHA512 6fc58812f6c8c12c6b4ccf8402911ece1b00ff89de1c771c1f71d78348f7c2692e917ad22574d504b202528d0ec26b923aa906d12978de8639e56f9981e320a1

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 8494dc46bae10a61f70e25b5ab847df9
SHA1 74be12cf75f02e259b27e7bc4fe31403aac2a924
SHA256 1117371ba69cabd71a5079fbc50962c57bb261dfaaf720eceff39253f00ba3a0
SHA512 05e4dd6fd7a8e5115649c2a226602a115f4ab5ea8ec342b45cf1d84a1bb5a4e0e03eac5407971cc4c4888d63ff2e19d02162b0461326235ce7c608b4834fcdb8

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 ab037744d88ae3b454c3cb52c4201914
SHA1 3d25ace44a8ac6a5862e2cd10e36f5b658a415fe
SHA256 cab65a1e0161dab898eecc93c233b1c432bbd1ff7c4966f78f4220b0ba8eda15
SHA512 4d8aa08894e35938eb9c5de625d0f6594913e9577e401107bf4fe34c23822c7a622c7278e62f16275d2d055ba3be555d0ba22ea839876a9d7f156b9042f039d1

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 f0b78f7017d1353675c69472bccfbcb3
SHA1 ce59796bb5085fecd821b4634c64ba9e9f2bb610
SHA256 01716b3dff4c182646f828b99f16dc0584581123b287a59615c0d2034adb529c
SHA512 26e43225ab5faecabfab550d810ff1e5153b3663690858965339c301525a67b85752846183503479b224c64c296651f97b90a306acda3afccafb3c6dee402b06

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 c019c27dfc81274ecb72b9a9bfde1dac
SHA1 de266338d4eecff9a708aabd971cb5dad73f1b04
SHA256 f06c9201871dba3f0cd412ef80e3c74b26f091b922a32508a5e7d0c3255073ef
SHA512 bafa5d78bd7e658e1e15b098938c4ac0f31c07ae96fd29b45b27ec7d8d636fb1b1cd88c19080518b903708efbd43c9d2781364742ae4fb5155aab7041c74f034

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 25be5a55eaf0976feed2b3a75b0505d1
SHA1 395076c02889d3e0db17b1e49d2caa1d43eea7bc
SHA256 fedd7c2e27400b3fd02294fd293907a34961934fc4e9a0587f28aa01117c0c73
SHA512 f190b641319da454a7b11fd5cb31acbc341a1ad0b40093bb12618a2e5da99f3ddb4de6ff2e404b1104e28ec4876b5503ad819685c3f543198f4e5d173f9ff206

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 1a6cb54aa16c7a795fc6c8003bf75de4
SHA1 6f9dd6fba29e3140727f27182f6f3798a5d3a15e
SHA256 2cda302704d21fc0bb1c9b68cca1205594af5d8f09b6c0ddb5b3e146eaf63af4
SHA512 6a0fabbb19e3f626d2ee58ceb560c8352076d6b8ec9ac4b2f06876e0971ebace2b87b8528d8f69dd020f7fece780ea2dec7e862a1c1357632cb3b0096a060788

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 32bb6eedf019fda7aa124f697a5e5f72
SHA1 da8ab67609b6c21d490568743814b6faafd83b1b
SHA256 140fe06a90625ce76c88a9983815bada33df12cac5712946f13bf91ae0ea560d
SHA512 dee71a0da88f6ff2066de182f55b8fb7abee5b23be42ddec1a471f187b529524d29b6edff36ef8b2ce6ebba68c794cff2e573377642f984cf2306bf3f25c55f3

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 ed6e91030855c2b3c76f45dad4d80563
SHA1 2ff9c379c281ea0b6ecf5e1acf18ef756a058f0c
SHA256 4738ff9f7c89cc53f97946daf3e9bbfde33fc10ebb826ef8f56a7f70c967d6a8
SHA512 270af937121b17b382ab42cdda18d0ff47390553d6887c6711fbdfb75c16acad7a2aa27a573abce46b37ff0330ea0c5dc6a0b17975ef33181c582c7e991c5ddc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 7cde73dc19af25788ed7e0c6488ec10e
SHA1 6d4dba59613d611f361c4edbd2ab252657711da4
SHA256 376c327c96c1ebb4abebac74854f66090cd4d4a964e36c3e4fcc5cf3310035bc
SHA512 1ceeaba9b07241d01afca7327b2ed6720efaedc38403a66ef1caea8e806d0068bef3a1b4b6a4fdf327d92298efb027020f346a1274119e130899800c9b877801

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 eeafe4dbe0bbcc61fe36b141e5611c19
SHA1 e461639483f3ee07266abfb3852c0ff5743bac68
SHA256 79b5dd59e767937bf1a7591d503084014f956e2fcba70baac8ce45428a8820e5
SHA512 60d4c18979322e040477ce0773a885d41aa4bb9aad6da40d584a9fcc67553fbfca5e9ed748d1d3a7277143c5dc4b99f17ab038bc8da45b2179a65c57162515c7

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 78750bdf916d4655aa6007b733b623f3
SHA1 1f5b0cb8e422d73c56b5962a154a097c61c9a002
SHA256 499d3480d391fa673b38893e3c436fcd84a975a7f171e83ebc356159c396afd9
SHA512 a5bc368b1f4d4263b43e8c5e0588fb7a5ffc243037129f3fe4773da03c6a178827fafc7e09a85e27158316003b85e041374dd40315544268b2391ec9e7ded96c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 ad647cad390b161f9564826e4d8e5f81
SHA1 4c132658b5b31a968f9ccb0595f95cd29d1e6460
SHA256 5ef3b0e83f9573d506e3f032019feca474a1484f6f1dbf0612c92339bd6e5c4e
SHA512 4d356e90c83fdb494996d951d3774ca258951f6df66fde9aeed2892d245aba2e36434d0d233df7d6eab5e78651ecc4ed407bb31a4ceca0166377b4fae212491e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 634c582955715ab32ddfe83406564b05
SHA1 79c0a481c1ff351c2e622e440bf7e6795ca6efff
SHA256 4783d65126b8c83fd9aa8ee0e8428d10c20adb3daee6b6c92dab9aaa26964a67
SHA512 38af39912704bed274cbea2c8cc0d136b94e328433cc02bfa7f04fdd9313473e11f6e6cd34a7b4614de55de0d8746ade1040a9eca4f37fff178a07d3e8f5b1d6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 fd835687e17d10935302bda69a2a9087
SHA1 8bc7cf884c2fc73146865c5ae97fd71715553be1
SHA256 c62931249c981b1cc9bd7fad95d20454758b91d7dbef532d9c58a897c65a1d7a
SHA512 3012a5816d919db10541d8fb1185a20f521592ebadee38fee61ed18808b200f36b835e0da4cff7937f6011477947c5eb418bb66891cdcb681ce5958499d19d1f

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 20d70c6e04dbf14c01ab2d756e97854f
SHA1 f172c8b8c0e87d2a9ab064513dce004d16d03e0d
SHA256 c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24
SHA512 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 a9341141dc8a9f27fa46758ed69980e6
SHA1 220ecb05f5456b3d2b0b05f5cb6fda6197207563
SHA256 bfd1e593eec056049ac2e52daddb635ae9e4047e6d81aa61df0496f6f634cb73
SHA512 528cab8c240154fde3c0a728fd4d0250648a105ca95355e5c674d37ee620ab74fa499c85cb7781ae676b93117560c3c1f4d4b9f6f341af958de3073c447f442b

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 5f4f4838ed0a41b4ae61b16cbdb7c41c
SHA1 c9e300e9f5245d736d6fcc42dfb990b2639aac52
SHA256 cd1e8db650a73bfbc124467737b96fe2080f27f27e031e1043ddc76a9844fb06
SHA512 9bb1ac32b62fb1398616081574b03c0eac37377b4102641299202601f4881fe64c98111334f783d013b509f7eb36ec9b79a7b71bf07436632c280c1ae3142755

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 a3fe79081a59d493c01b5c1139babdc9
SHA1 1505cb4053bcd9b55c40227ad6b62a2457cebbdf
SHA256 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860
SHA512 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 4abf38cf39bb0e392f038139581d1996
SHA1 8f56790b15fa213ec8e7bdbdc453903b4fa2c9a5
SHA256 bb494a1fc1d707131e042bb75de9208560eac21ad3a16a159af49714dda09273
SHA512 204e571dc6c41fb3bfbb78a20b5eb8f94dec2be30d1d870b0f69053f9fbdfd680dc77022f66f1eb3e72669b91951e583a0330d64eca2ecc94955472a54fd1dd9

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c86fb53851e162b5bff094e48880ed5d
SHA1 f309f88869b7e8b623ad7d745e5f8c6b2edf4bb4
SHA256 9eec3722f2a595422668df5eeaa1332b8fd9066f2376ae15b92aa1ba13dbc7e1
SHA512 1197168f0ba1e8741997b9c6ceee36b808d74d50cbbf99b11b2d1bbf6ca438a87ae92a29b2e7ee167732921698cf960e6b4b30f13f48bcffef371b6fdac0dd34

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 daa3e036c83666d95269be0265a22968
SHA1 987747b22e3ca0f8a284ad9fa96e876b6c7298d4
SHA256 70c80444682663ec196054d7b7e29805368cdeac3d1f10766830dc58bbbeee5a
SHA512 cbdc18a327e4ca9b71306c720f562539c4902d0ba57c8ebbe59d5ac044cc6129ccd225b6fcc48cfbbf155ea1961f76b8f9920fc20c53d563197392d7be0453e0

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 f6fdc34f2d805c0634d3f61e87e96032
SHA1 bf43d3936a4ee3699da9e3144d16ab11538b0aa3
SHA256 d6e8baab16d189f98f301c5c8f0a9fe776a6a2c177a8a0ed3716cc5027e31320
SHA512 1350690e9e09d50fb1d14dc58b90073ca60e43da9c67c0230b5113d3d3602b65eb77eda9ff5dffcfec652a9250070212d5b34147ac0afb63cfd678b8f2c51c2c

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 78a5d5629dffc2d6e736fb4f3af3d27c
SHA1 9ae95a1d3cce059215a3dc74c9f5e36ae115b9c2
SHA256 4cfb0bf0a285f468e9ded70f237ebc9e10cdb76f5774eab9216842b93d9e0bb5
SHA512 35384be231001e76df76ef232c7ce8367dcbe84ded2b5f39513e87a3459a31543be11567f05d92afea8153b11ced0a7d70638f5c3d2cca29692ae0fda1525eef

C:\Windows\System32\drivers\mbamswissarmy.sys

MD5 4b2cc2d3ebf42659ea5e6e63584e1b76
SHA1 0042da8151f2e10a31ecceb60795eb428316e820
SHA256 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c
SHA512 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 4eac60dbe96fa55ce861e2ae52d2ccf1
SHA1 b3333d24499947c95528a080179555c21936f4f4
SHA256 541bb3ba2973363c1a08c6344e0dfb8bc90b60c3cdbcd20cab700336ac34d4e3
SHA512 9c1656c0000539319fbee0858b651a01322a1bd17ef343922ba5198bc2c96b9a306fe5ca650acdebdfe5c43bb94c8cf2cc9a24c19037e75e6592b04f82818c77

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 a3d70cdc504c2f9d50698b3b9a1793ed
SHA1 536e0802ac24ae2b0b02da0459b79dee7daf1731
SHA256 aa8561fed254d5805f19abb223f7c4565f7b2fd4bc4627de1a89425608be5279
SHA512 c30d1cb93e22cfa54bdfe4d21542fd3b06318bf553b75beb442fd99b49ed6b1cdc4f400f7b0f71c34c22e34ed2d78b30e9d119a3f272905ae968e94d897e59d3

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 fe7d06e6bb6025e1fd7896bb8e4846c2
SHA1 52d1f1b31b8de310248efaab197b9e43040fb366
SHA256 d31c655ac8b9cf2fba5d945e18c4384f4c8127309b59a97b4319f2f9fb31fbf8
SHA512 5ea10fe5af54524a6ec25c08ea0f12cc5b8c6794ba2f147ff7758e11718480e6f1e1736d3ff093c9e4b1cad18d004bcf3ec6badd6d2fa35a8306228afa717d0a

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 d2e7499f1f9f027bb68ffcf33fd970ed
SHA1 fa3dd384572d03ff34beb013c165f1abb329939a
SHA256 bb55a728cd3d7cff548a3da99246e19d49397be6a8e12db408aa47b4369d88bc
SHA512 c78162a6ffac9d56f2fdd098c6fe4970b7e0968b422362640db2fd50b96c5cb3e00650aa52328188eaf6efe704a559a101c544fff3926bdd11f1d7ec596511ad

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 14dcd717f0113173a181a67d9abf1487
SHA1 a0177c0b2bee648e81c0e9fca401a1e50738a9f9
SHA256 c15ff94f65233b690c05d7585b8a4f4096a5bc71149b536938b940d898610269
SHA512 ebf6a0966e9a478078a39a57fa5c975d3ea5a4925893a8301a31baaba1fb2222173358bb34663eb216ff24509396e2e35a7a049ab613d963cc50ce6d8616c1a0

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 3a932a2643c729e91625978093440a77
SHA1 f9ea670332a4655b0e2967c1b7166d8b2b9be0c1
SHA256 02a7d072327f6629244c77bba3a9be7b83b8798f1b4a6f079bfefa2595a9a38e
SHA512 56a9ae9a7720e131c63e0ec2f410bdc42f4436ff7c865ac9b09a4503492ab503d439b3b73a2c2a096132ee489655f795dae3be3b3150bd439b5fcfddc5a50e31

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 9451d130d309edb57b894aa7be27f450
SHA1 8b5c168d7d969fecf961abee60ce98fb200c7b55
SHA256 a26d596e7f4ccd317ec236149d384858e96debc2f60fd0a5a0fcfe3d779188c8
SHA512 44bfb3291e02ee4e5f7d56a6aa8f19539bd79f2ef68e352ceb2ba7e7078142d00a2a8d64bf26970574de0a0415e9a0874e43ebf8618d6924dd31665e205cf2e0

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 24c797a3a52fd652c939df8b86cb0eb2
SHA1 a6e22656ee09e738e83b90ef1fe0899d48b84c77
SHA256 e0b57dd24603901f77e07c8415c3dab81841cff74264f03dd02369390f2cadd1
SHA512 87ca81ad3e3c3b47aba9e0bd151367fe0d75429d17dc9fe292ac26199465d4bafecda8388cf98fd6e43dcab002f01df8a696f8ce83e9a21e08d2290c1a9b8afa

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 8e8a8e532623a220689911f14fb93f91
SHA1 739f3f5e9ecdbb114f70a48d4eddd00b15a7ffe8
SHA256 c7bacac4c05ae1677af86f8c8e9d6fec413aac0006a541ad331a6b123f0cce71
SHA512 038787fb595560d3c289d2d3dda8d822362b1cbab6aaf596883f7346d0449079a3333dbac68ab8c01d5d7256174095d1316e49cc8868a4b440e04d44cfb39357

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 a0b90eabfecb73bf286f6c85afaa0b2f
SHA1 446defd793f05de39bd019dbfba42dedf311d7c4
SHA256 93d6ebf42e895c42a6b2867ef008eca4414ea1f2ee54741a973c9983def589cb
SHA512 01f1e4fd6ba8995339f31ed9d1d27f64b0b040b171886146c61c4be8d5fce67a8f2e12ed25253621028ea2c8e5b483a2d1a68bdc650338bd81649d0f1013434a

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 9ceb8879bd6ac89c61ccc74baf20ada5
SHA1 ae0c207674980ef3d4502414ee3cbb6f24a4e8da
SHA256 6641f0e31bf20057b3c6f8ccb229d05e6da08f053e31b38ba87adf27f72bebf1
SHA512 cf1c36b8212eebec91ff963e2b19e4fe60261056bad25e1fe4f0d7846cc2ac0c6fec7a2bb85630c6af8dc5dd49893057031d9130ad4dd0c391d776852edbb1dd

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 7cdf7d41a1652167437e2c2979a8bc53
SHA1 8f4650bb738abee980d9c0f0230dda6a9af684c9
SHA256 2222bbe076df2a0a10d4ed79fc30904d0a9e18d3f488c02af3e67fb46e38e075
SHA512 138b6dc18693282ec9de1e6f8ee4b539b7948b983d2f2e3b396ea9247dd4ec4247313d537b7dc1f5ee90d94dc530ed79e624ffe0df57599a5c8c813b7e771950

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 9530adc9e12cf7006d2a0ace5b4fd72f
SHA1 769851183dece340c0b72c3e920ff38a8b2fb122
SHA256 5f6f322475ac388fc3a007c3245259b0b0d46c59954f39d565f85df3dbc7d208
SHA512 c9054e3afdbe58e25ed92ad5184a32414cf72443f858b8926a778e49141ebfd4d4c03841856ff34ffa7fea2e8908e44648395a5be669092facafa0382454aee1

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 5d9d10766f90258bbfa3d40fcc94cca9
SHA1 e587292f41f536cb610fb71509bab45e0d6da406
SHA256 08da6c2214b87f791ac537925cb04ff938595d1dd505c003522185c57137051c
SHA512 c7c7714edf38189792bbd0826a47ab75b6f33803212c0c46de02a75cb430d3ca51c436710e3b9d03bb49bdcdf83e02f221749e42a47030bd1196c6489bb8e967

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 e4c0220015afc17934b5791222f5ebf4
SHA1 658f1c1afc4993c8662de702aa1e77f6a86f4ea5
SHA256 3bb2109d7acef996a0dfc9a69898ce3de4ce9cd7aad2ab9cdd404e07e59f0adc
SHA512 c5f9a0de214a9c8c7fb34ef377b5996ddf7b73f4cae04387bf38d40730d3e02231c82ccf98d58bfece34032673f9b82a303907497772cf4bef59c87114499428

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 2dc78cb78a132265652047b53651ac25
SHA1 2b82ef78fed9e7550b1ac9c779dbcefc34be0559
SHA256 2d422101b1ecc45c5713f81c4d8237646ad6c1e849981868b5cdc74f47a0ec36
SHA512 0c3de1f45aeba480298b3e1b7455a5d98c5bc1b1a47ee7800b90ea414b4d39b4a01daa291c0ee7eb09aa2f6cc65ad28953855c840df5ec44195ff58dbf595f56

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 53df2dfb221d8792ce6551c56f846b7f
SHA1 bac329f608dad4c914c767150b31dd16635f413b
SHA256 43a9412b37826a6de485bbfbadf63af96a3bb8cfca12d0aa66c132ae177ae2d7
SHA512 bcff19aef11d8b71b1a2df1e0fa3dad4e3478cb4ce022bdcb1544c4b8697b16a0a52d79c77aad4f213649ba3dd18fe3afb592b7e130915b1ac0af0517c786f5f

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 5bf0a765506dac3d8906dddff9d7303d
SHA1 461731f11e44c8fcf21e76bf8feead2dda32bba8
SHA256 df2db48a98e4016e5d665533276074c3af7afa37ac0d7f386e6214c01009f477
SHA512 131e92bdc2697911398afb4bbf1d2bfc9800cc26d6a4b22649cc6477937fbd461c5106489d075fcab8c7418d4bf1f28ef30778df67eaad3b04f5e5d67d97b53a

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 d289d84c0406750cef937bdcdbd32740
SHA1 89a8a040a62bc0d2c2809177773f6a10bb83fae9
SHA256 e21d1060a4a2ad8d0cc781d0ec252b497d96915b648fbc9d1ab46ab750c8d00d
SHA512 c8abdac9756ba299ecd3285a134219ccc222acc9f005a71eae85fd815a93b17b8857ac1e446a8122755e8702a39b76c13df962ba79f45855c752e3347311e09b

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 587cc2c1e22ba6975cb01ff3fbeb5bd3
SHA1 28261dd70a617f312972e646a75d89fa2d3173e2
SHA256 cee9d615500c71a32a02fb548c970c06dc1fc90d754236ab9b60bb310a4ea8a5
SHA512 8c21c5eefa92507cadb696a31a640bbea6ae05c4bcb8cad7d6dd0570a5d2671170b834a6ba5583f372ef260dd7b0c0931012aa4b6e5531585ab8241afb3e5475

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 94bb8f5bf22af6c65c73855cf6438764
SHA1 a43b132c2307bb270ee4ed1231c330f758bf86e1
SHA256 4fccb5355c44d55f4d6c6950cc8e626ca0b59ac9e595df26274b01901e2820a8
SHA512 faad489fcd228d42ec8dd68c70f0de9dd22a545becba4251a31bbd44be4e1103025c958078ac62f157378efe1c0cd05d07f5b19767452b812bb35c6b0af15ee1

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 983993fa7b0e941178d64d0e39298d12
SHA1 08e68f01fd65e23cbb34f22c60233799b2f481dd
SHA256 3731da03c2545fd32c52664ab46c01a96d029f2b6d62831a6177d3ea2f986567
SHA512 ec955973124b122ff67c89562597f09d43fc14b0d2e89bafbef7401ff272b4b9c8155f2b70ccb31978fcde5a539f70ebd3482056f77081445290bad599d4539a

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 859838e6c4c15f06eb63e85e662959f0
SHA1 51317141f9884819fbd2a49025d959a268929306
SHA256 1b3c41f7049ecc1799638b2847fc7a7bf30c5a88633c28d7a93ef0b637a52c1b
SHA512 1fa82ff8bd6f9f5c0cb49e9a0df9fc1530a27b3396e0e203844e96f084e46b180c9dd0e4363daf08ccfd2c41c08ace6c5f4ca9f19ece456fce6e745cec8a93ba

memory/8100-8937-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8939-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8938-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8944-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8945-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8943-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8947-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8948-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8946-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

memory/8100-8949-0x000001E227CC0000-0x000001E227CC1000-memory.dmp

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 477338ac640bb3737bae5d872a660178
SHA1 edca67cb2548f985f6579a7735bd6d9ba9438476
SHA256 b8120ac2009add2f3a2f8571061c11b81066351e3e43004b99bc20d05c000044
SHA512 634d884ef4b71c7970b600f8c92f56bcfabf932c0ac2a2ea99b4b7bfd4383674dd41cfce2c478286b60d4a7ced57c6aefc1dfbac6861e371cd13e84dfd5a76f3

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 e657a125e1bcec5add5c05fea4052a34
SHA1 fcdaa1bae36c01a1120664d85b94964d1b734b6c
SHA256 9d5fc29e04b7b9d25039bd2b8d06927db4513cd386080624024e07626cb5dd32
SHA512 1f6b51eba85a8d98d56041985a494121ad3a6ccb179424a818f24040559cac585dbc4793c2b632bcb24db19f4f9770cf98ab6f3de92bba913d5aea925e0e9e67

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 b62c3b75fdb582521ca2efb4700ddfe2
SHA1 ceae7be42daad64f6f4e52b718b89fdf82b2b274
SHA256 79a363fc9689e555771c2d0059df02439f0548cc4cb2ae65e10903e15c6ec24c
SHA512 a890aedd9a0435abddec156c68d1c5d50d9dd8af49d5599a70db31fa123f19e79ececb876d7729a7c8e0cb6510bd364b3dcb8b5afc51eafaf909d8ffb8d3b36a

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 7168e5ddf7cf33be496e6b377dfa80bc
SHA1 386d2b8df123cba27ab0d08cf3343a677bf7e6b7
SHA256 0ac28acf191f4c44231403fe681b7cd8778f620e74c7027f0a9e9c0f64de27ca
SHA512 c0e7de314a200be0593185bc2757423cb08bf25ca61658cffd647b3002f548ef795a9bb0dba812a977e532a5441ab16920558364ea042e84af61155f3571f436

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1728574a5c8955b836fb54c5c00bea3
SHA1 347d071ba1a801194350be050b35406ecd3efbbb
SHA256 bc73133902846a23f524fdaa975be5bbcd9e710fbe1bbe3d30d8543885e9ddcf
SHA512 d8f855cfaa8a83788d309c6cc266aa471ec9bd96d9bfc1bb36050b5b86a7179036c6b4ac1ee5b04802fde490ceaef475ec62e2451052979bc58c9ed5e119c58c

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 8eda61116655ccc9c0dc642f28982621
SHA1 5f9188a9134f1f1471f62405f636c6a66c9058e7
SHA256 d85e63b2d70eb011c8d5f6ba918f5a34872d6a6f5849be7701d0aa5155d980a9
SHA512 59d2e73f9216f232e4648363bb3ef211abbc51de6afd1cf6ddd840ec343fb2b1a0f75e6d605377cbfca72b7930e7cd571203078159026792005ed5de3b3c3501

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 0023145d20fbdbe6bd08819530c682b7
SHA1 68ccd5927807727b635635a40f7fc35c233d28e0
SHA256 b56e52cdedaf400c6bef2d1a60eb065d472bba3cd31b8ac68716c3a2ec93e414
SHA512 c67b15db6f8799cfac09c001199088e8562723b6a239f2d80705c58d4a4ba822386b99a027920ed2e44f38b9d99ce61bf6b36bea798347b18165b9038ddd8aa6

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f09fa6c5860887f73994f0316e44ebd
SHA1 d56ad4da4bc46ecbf5f0e73cc2061b61693ea356
SHA256 60e8df0a104688253177c758a48a3bb97d995a5b12ff1f412dde3a019e1f07aa
SHA512 cc7bd713ea1f4fbff18b32ba52f0332baa5570ac13456a757744f7b9a107e587ffbc465224716572bcc68f02a660aedb6a54f34cd5c889b4a320eed2672b879e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 6108d9d9bb50fdd2466414a637b890b3
SHA1 dfcf3932f1bfb815dcc681fd330a463f60bb3fd7
SHA256 b080dacd7d5237d551030872a260cf79f0eb361dbe2364cd51223cade01e16f1
SHA512 76f2fd03fcaeb444c1e9e6e803dba379815c16d4c33f9a5dbe56dd1caa1be4cf1031e47373044ffd7576e5f1d2840adb10be18db6a13cf149432d334fe092b89

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 3469d5bad27ac4a77a606012f7b8c7ae
SHA1 d1aff8a09afef219e46fb8cf22bf6bbc42d69586
SHA256 90498d4bdb753730dd1a54872fbdcd4f005a944b31a26066f6418ed482c81921
SHA512 88ab911a2d5df8227326e9f1a48aed44d843343a793266528b2c31fa7d345a5f469dd720a17114b408fe984658276e7f896055aacc0e110285d3479d660741ec

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 855c3eed90076b3328cba0f5d43f7f99
SHA1 a939dc8ee48c157b32ba1ba53f568801a22986b4
SHA256 f196bf09a557e1820971e6f41ee957917ee3d92ee84f2c8f36e6c652a6da9bcc
SHA512 ee67a8f471aed73ffec360112f7bbe335ed0dc2a23baad069de775c7ca2031212b678efdf98334f3a1e74de2513cc9cfa652a05d05c01f4e3dff6d8e1e3f6073

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 d384d3a53612f60fbbbc4099a4ae0e64
SHA1 6ed0505b603e2a2c088d8f71cb3e15e45b61f0f3
SHA256 6032bd0e9f6786207dce6f552dcc3334cc835d6812cfb0a3dbca19e4f5d34f46
SHA512 e3c0ec97fa7a38d60fcfecd335d44202385028a50c5559bf9c24c370e31d8a04daf45a037b4051b3d3db68721fb4ec3e09572030bdedfafe3aff34311129df22

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

MD5 5c4b6998682070ad73cd246eae251ccb
SHA1 d4e3eef6332a6598e5d63741f3407574c7de5f5b
SHA256 54e0e90cc5cfef91ceab363c6cad54c7190cfbbecf6353181779938a3f8de8a1
SHA512 e1f844ecb631b628ff37068ef474b070e22c5be6453c77acde53e886b7e9109f22d09748a7902e64237f5cc9d05818080c0bb5697918235ea2d4ceefb68b8524

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 cfbb22dccd1f1494d4d26d0c1c01f0f6
SHA1 fc731925fa718c400c61409b7b27d6f019eacf13
SHA256 c2604f5850e7b6b8994bd6f69c7c4e1bde2ea557ec0378a7ef978fddb03b204d
SHA512 e5a844a323ebcf014486303b3327250870428ddcc8cc0992ca807c1a8981dc07d518726d85daa227a1a4792578154ffbb4d0002851f1abeca9dddc3860c16714

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

MD5 ab258c2dec1945b65cd09b302652e8d5
SHA1 90e660cd3502d9bde40227ec0c0c2820958bab3c
SHA256 c488c36827fc5505fc797e4d7f9bc56c2c2ab9d8c432ff9eb55657179bbe5e36
SHA512 de9e9d01f7cfe40fb64ff4e9ca83ae8f7a87b2e460d89b1fd6717f007afbaffb8cd4dd34e13352c46bbc00372c3ff7f9d9027f54df44f2fba16bd0dda4cfe7fc

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 bd451056b75cb216e73a4e8a7e8767e7
SHA1 55534f5e69049ff39464bdfe5d427b903c5f3ee2
SHA256 c97eb3c24c66d14d13408b45c295990994b78134dbad4e518547584f95ef8353
SHA512 bc314fe4d9bb251fa603a0b6f36c35ff17e241229d9b022d10ca75576e3d1ddccf35ca8d0ff12c504940b2a4a78e6bab02b8cb538c4d3ac1ccc57dc53787cb8e

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 2a6f5614480fbb59daf21aee7f3bb700
SHA1 0b702890f8020988d9e1dd166f15ce7f65e7f9dc
SHA256 852b8a8b3502e4d0c4559e2dfe1ff7d56d79d7060c7f9059652c94bf3c205041
SHA512 933d5ef42a2a60d7158c1ec208c6f63fc08d657254d57eecb67026dd3046426fb4461ff67444a7a03021c18b64eea523670ced93d325337a857e5b77ef2ba9bc

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 4f746f50bd82ad0764b3b6028a913027
SHA1 0aa179110c9d7bed1c2009da2a94162fce0a45cb
SHA256 96f3f4c6a28a658df12385fa064dba3e1885350f217f0bcafd2e4f4901bd5ec8
SHA512 16b8d4518b44101295b55a4e177ddd1549b6ed20ca3b818d25ae2a75b8ea4fdd6d54bc1acbbc5e6af209718d924cbad16d19206f44a86bef982eb7796c1ae3bf

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 89c55256fb4b126e881c5c03902f97a7
SHA1 2fc8c7547ce5950f11d52c68baf2b12766be3935
SHA256 bbad4b288ed78c735a5ad60e971fecf1d62147b4e7b326bbaf474304f536af17
SHA512 84c032036cdb3470ac953ca639d16ec227f8dadfbc319a9ea04d18fc180b83a85754111ef1d3652ac0f461fe0332642cb6336ad74c6db960c7dddc0aaa7f7d55

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 2b08787262cfef0a76ffe1c94742fc24
SHA1 13c133e0dceb688c63cd77e3a0bd0aa77be7b305
SHA256 4cf335a03881adf353f1c9950989c4196db5ad9cccea3e865a712dabeeffee87
SHA512 8e8d24638be00d31e51dd09730c5c330e4b266e5e3ba5bfa17157ce485de0a9131e47c0365c2f58ba6e79510ffbf7d95559483cb6ed212ee3978fa2798fabdf6

C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

MD5 3bc4d2bb173c005c678da34697c17d99
SHA1 2e07b4f3af7dc82d8f7a5fdc920578f6e908a0cf
SHA256 fbcfade08f8d2617b6e9f2e279f81ce3b5e1fc0cce5bcfd927cde1335114f6da
SHA512 36864cef0ba96899d1c9ce088ae931b10461f1360a21fe8791b61acbd6ff1b30786a0f6745eac6acbdcfbcd3f05347aa1aa05fdaaf9e36e8fd0da3768ae78a17

C:\Windows\System32\drivers\MbamChameleon.sys

MD5 2a0bea88ce233b8d841d56df26195e06
SHA1 889af4a1f2b77423d5557c8ba7980e5d25e74647
SHA256 6116b30ab6f4bf5f0e8eca78bc67890e7aacc6c74fbb4a15a93af44bb34f2636
SHA512 c3d2620e3e1c19b63bacd578cbe55d52242dd01fc3ba5a90d0d001f8cab105a123959f0b18a8e6e71b4dc97d7995e832c8cd2d3693d808c8a81c98499cc63fd2

C:\Windows\Temp\tmp6056aaaaaa

MD5 39949f6b581e7e7d0cc68316814f203c
SHA1 1bfaf4a50b78dc11873880dad864087f3d791b35
SHA256 c17f0ba6b1520462d0ced872247b29787ed8093288832576b5654efe6039477f
SHA512 3e0f283fd27dd1cbf103297761f05a680a741a74caf00f5abe78d7eb66cda554f29c8e7e24419cacefe848b35d02268271d5a5f39e31e5cc6a3ceff85b0037fd

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll

MD5 99c8e47d747b36be8ffcfdd29b80dc3d
SHA1 9b8e87563fee31abf90bded22241f444b947b071
SHA256 0db4dcdf3fbeef2c4d18555f479a28dde3d67ee6f0d27c18925207142b7a38f7
SHA512 f9cf4ec06585c6cde57011884141782bde83adf186f57f75576c8dade1e868d6b886daf8fa15c55ac908ff995c4b6323c3a8266dbd664b807cd67cf788f7074e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat

MD5 d4838f8fd45733aa1bccbe43e779c5c4
SHA1 4431b01aa75cdacd51364e93a0d0e672b1aab912
SHA256 31611fc02398bb839562e57e4854d15b806a20b37973a18e4eb008da15de6ea0
SHA512 904827c77619a6c8e7368979ba958ef7785fec80c24be9bcdbcc5a8ce37035b9d52a1072ae0072e1b94c9027d298a671bd139dc438647b271ba20916e7e6e3d8

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 358f702e40638f39ffd9c61f5c588642
SHA1 a2831356ca154afb90e76386d4f88df3ad83e4e1
SHA256 d5cd3d93302cc88e3354a9941d40d497ef9b5ce34ebe88d5d4fc3a966eb42025
SHA512 39b70e5da84226c8120577ceea4732eb7bde60ec78353e15cc649b929b87fac619874c0425880eba666091b42be1f0efbc733b83f974ea343f4e9ab35ac79800

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D16.tmp

MD5 699dd61122d91e80abdfcc396ce0ec10
SHA1 7b23a6562e78e1d4be2a16fc7044bdcea724855e
SHA256 f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
SHA512 2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 6c36f0016b50a7e6fa9b028617a97ae9
SHA1 8a241337bdc3657e47c005d4a0381212a4295403
SHA256 29c3ea7776b3cf5df4005c5458946329ceb2063077a47415cecb9c180fd73f63
SHA512 1ecffd0734ce2d6c4616f9f3f092ac0927a3e2930ba2d4cf621b71f3819e37fbf123323b5eb4ef4468673d242552411c2d9c6275ee3a32b25052a2e82b47130a

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D22.tmp

MD5 3b337c2d41069b0a1e43e30f891c3813
SHA1 ebee2827b5cb153cbbb51c9718da1549fa80fc5c
SHA256 c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7
SHA512 fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 26d5f49d66cd5a32a2c9c6e83e709cbb
SHA1 534c450d554feb7501edd4b24b9cb162013be3c2
SHA256 dee15eeefe9a7b4c7d570380286b7078d9613487043a20d179ceead9dd6e081c
SHA512 8c16a65334b5d1365a13159737a3c08158fef20569bcc4d974fd17843a0270484f9d71e9fbe7f7b1f64cd6b30f024fc0604b8464a091038e1f0a2b69eae80e4a

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D2A.tmp

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D29.tmp

MD5 b5d0f85e7c820db76ef2f4535552f03c
SHA1 91eff42f542175a41549bc966e9b249b65743951
SHA256 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c
SHA512 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D2C.tmp

MD5 804b9539f7be4ece92993dc95c8486f5
SHA1 ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c
SHA256 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b
SHA512 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

MD5 dd1668927d7bf2ab4927d129a01b675e
SHA1 0c0c77dd9c68c38ce61ce20a956954dbb83f4cc9
SHA256 dfc9908dbae3964cf95ea2c30b30a32ae238af31e371f4db0d504aed7bda75e7
SHA512 69431128f58d61c0e5bca1d3f06411ed590c36494a95146f58e428c40841dd70ef2a9572f8b5578b166e989d41b78b5c2fd0133b802e9dc61c85237a89336b3c

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 baf2c209e35ca6ecc1eb55503843777e
SHA1 fb453ceaa83537102c73d01b37a741be2f5fc7d9
SHA256 0dfdbfc697691d1160ec1e33c98f6077d7c6f88f3563c8e8dc8445b13eaf5b26
SHA512 65872212f016732c750487c24b044e56dcfd9d1d1f446fafc9922290ebff2c7f675a931fac398e9fd213da6eaf84c19f832df9ba002abc9d0572a4ae17f1e76c

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D59.tmp

MD5 607039b9e741f29a5996d255ae7ea39f
SHA1 9ea6ef007bee59e05dd9dd994da2a56a8675a021
SHA256 be81804da3077e93880b506e3f3061403ce6bf9ce50b9c0fcc63bb50b4352369
SHA512 0766c98228f6ccc907674e3b9cebe64eee234138b8d3f00848433388ad609fa38d17a961227e683e92241b163aa30cf06708a458f2bc4d3704d5aa7a7182ca50

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 687da65397a0575bdc27c5cb3cc7505b
SHA1 922fc65f2a6c649cc863336d99006c5ad2a382bb
SHA256 76a6f719dc2399de7207b38ff1fb3c7c39a310562cae9562c155d81372a7ef07
SHA512 00160a9f617c1f4f8d738f72b03827077142431785cfe12a491baf3bc7e1e268fcc8deaeb39f5376286b1ac39a4d3a353655fe6e997104fb715fce128d381b03

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD9.tmp

MD5 54dde63178e5f043852e1c1b5cde0c4b
SHA1 a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd
SHA256 f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d
SHA512 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 9cf3a5d1156c2cb4349587ddab394515
SHA1 8a2d3e137688c9a908b5efe142c57a1db46513ad
SHA256 8a1336f38e7f9d77d93061484474349520ce7638d4c126e9bb5ab58b32628a45
SHA512 0b24d8ea3277974ee37ee8c8177cf1dd25b053cca93d943b719b311f109afb9c38b716f19829294bb0bda3ecbe3e1742242966ec5210b72565bf51b18c655b21

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

MD5 6cd9a85ddc84cc35a698b5b603ed5622
SHA1 07bf47c776add59180895d928ab81ea21cf40f88
SHA256 54a15159be168bd096f45be4361b032e1292a03fbb40bbd8ee3c8643fa971dd0
SHA512 76d84302f4040bff8c5eb4a1b5342a7a1d3151b438e57565e8477d31b24f696e7dcaf46f66573ca636977ad6e7a1dc8ca644c2a85ae084ce0e003c82dde78355

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 b78afd53bdf64e26434eeff62aba88fd
SHA1 cd79acf844fb470d708d82a09201408b53a17096
SHA256 030815620fc80b67b1e3a5f58adbfbfc4e5485af79a4dcedcd21a30add2246d8
SHA512 caa467c533b0e6c5ff784da86ef85ab2245c8729f57d0387823c4cf0d57f4be8ad63f03d859b12fb745c812e292e65760580cdd5e255b6ae30db1d858630dce4

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 ea3401d59353a6a199f73dfcfd1a20e4
SHA1 9b3d2dd1d773da72f69f46d65793ecc1ab2e990b
SHA256 187ee465fc91862a957dc3962a367a2194c8acaabcaadc1ad87deb3e49e77b82
SHA512 9285e65309443095ba4343faa4c6beb305c1b8b2527efdc8b925d9b2a20eaab689a92442c01ebbf94fbd54b625d2fa4ccfb0e540196722b4e614662e09b3513b

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 63721fdf03d0d477c3fab7d6ae9c609f
SHA1 28e45122d1eb49ff25042c829f0932b2b695afc4
SHA256 476ece59e0fdccdaf6d35841ba7587f5c619150d304bf5a7bf9310099bd01902
SHA512 82f68f6fdf75b1485111e0e869875ac1c446ff3536ca294ffa649b3c9b36f24798d253746dba97a3bf0617264184df8f6e142ee38fc0bcf7793f3827be98f005

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 be8d115a4f76d4305d985fb0e6636c9b
SHA1 fb7ca8c3708dba6755eca919c248362145b9f2d9
SHA256 d09947b947416c717cc24c377137c59e1e24bb3279fe5955d797055752f7ac7c
SHA512 aa19c7a538047472709eadabee18e5df6bdf9f18ba2b5065c950ef535d0e26aac4b929808fe3b9db538b917e08df25d7e2a58d1259270748ea732dccce01b3b7

C:\Windows\System32\catroot2\dberr.txt

MD5 458af7f613f88dfbc08709af5fb67162
SHA1 dcbdd6f130e4e80cec214d67ec4fb17e9478aa7c
SHA256 f6e1dd5453673489d73dd0affaed27c1f3b833f22159670e5dbdbf387b9777bd
SHA512 c6a6a88ef27eb98714738127fa746db317ac90b3b69792f99f13fb67e69316b7279026aa137475a1ca2eae10d3488bf25db48e5ea34084deaeb933ff8321fd31

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 c84c71a917cbf470e61d0d54a7899a4a
SHA1 1983ccc6d244722c29835acb0113ad21927318e5
SHA256 f0d284b532f14781340a80ab1d456bf68dab53cda656ab8ee4511d31bb37f55f
SHA512 10b674918c6c5fcc5f0b10c84c7a31e8a5364efe475f1b7610a072f52e86753ba281ef97b2b706d087a9eac8beefdbc8a0070a6e39a65913a8b162064caef029

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 28bbccbb875378445d05cfd59b5ae3ba
SHA1 910aa53ee986ee937644d0188a92d9caa0c49f4b
SHA256 b2baf928e047e4358d6a87415463f4d8a9ecc157f551cae435034ef6bf7f1418
SHA512 4c0d1672f5de437640977c3d867651c896aaaabec44d33c76e3497c264d10f311b6ece4890c527332e1ffea3277b1617d172ed65e74ce1e9cedaa0a5c43af9d1

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 a80095cd0fdc413fa2845954334f9ca7
SHA1 927a93d071b018b47499e7c33d5dcf2843f5bfb8
SHA256 47a26dbae546138e57c1d813abd2b668f2c40daea39e2629d52fb14f9401a4ad
SHA512 e42cf0274b348204a468c1a39507cb1892d7fd9d607b464a69a73ec6e2a29bd011fee624676a85a5d559a245b2e8af7105f587d4ecac23a683e284ebbb40973b

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 a3eeb87ef9ff8167c63e2d69ca1b0814
SHA1 760044670a2d96aa6267601ab55654e99e91370f
SHA256 fc48e5828b8cec9f2411cf2fb14f1a90bc00e5d9671e296b68d5c10a369c5e86
SHA512 7dea7cf9d7e1e9a9b475b40fcf48bd39ec48084ddf81558b9b5cabfcd1449a7ab080d0c085885f1cc502736086052ef6a77d443ba0089f8d85c32622927cb22d

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\e0f495cc-2291-11ef-85dc-620c7149a6b2.json

MD5 a10c4f9c41cc431ca119e534cfe6314d
SHA1 5f7b6e50c55e23eaf3d7f547dac46a93f9ddb43d
SHA256 e13e5b4fdcc047eb23dd6eab4b0bbd82b044706fca214e1fa9be655995927a97
SHA512 c1642ec62d59446fccdaca621078f80e10b53d057663f1fe627342dcfc1216e39d632d19b484ebb8cccf57c8be8df94df3810442d574c5fef6185c1d26906b9b

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 094fc53e4c1e7171c8d0796dc42953a6
SHA1 3b93fbc31ec337315007c1e3f1050adfcf07b0da
SHA256 cad38e76c61cbcf19865be154a7e3088ac788d276d7640da62e7204241f51824
SHA512 2c5f57bb1883c216607b328c08c3d20fab296dac021f46d15de850eb93ce2104daa9f2c127e228d759e96f2a53e964f48f5f2c9a1cd94fac32993d41cfcd6519

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

MD5 d0ab545b92f4cb4a35040ebeb68164ac
SHA1 521c6a425c3959774f7383065d5102f2eb70e090
SHA256 9f4e83bb4a5239c8563c9cde08b9463b7dd0ba1e4bc4497b0af40406886bea0b
SHA512 aa342b070c9e249deac5b9ded992bc8b103332a0f12e46a73eb156e2f345a3ebac92507b96914495dbcad31c2cff5568d066c701b8d9f1d7df4a5d90c225a9ae

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 16:33

Reported

2024-06-04 16:49

Platform

win10v2004-20240426-en

Max time kernel

443s

Max time network

452s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WinSpace.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3920 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Users\Admin\AppData\Local\Temp\WinSpace.exe
PID 3920 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Users\Admin\AppData\Local\Temp\WinSpace.exe
PID 3672 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 1012 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 2228 wrote to memory of 1900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gh.exe
PID 2228 wrote to memory of 1900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gh.exe
PID 1900 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\gh.exe C:\Windows\system32\tzutil.exe
PID 1900 wrote to memory of 1432 N/A C:\Users\Admin\AppData\Local\Temp\gh.exe C:\Windows\system32\tzutil.exe
PID 3736 wrote to memory of 4788 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\winspace_api.exe
PID 3736 wrote to memory of 4788 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\winspace_api.exe
PID 3672 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 3672 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\WinSpace.exe C:\Windows\system32\cmd.exe
PID 2320 wrote to memory of 4792 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gh.exe
PID 2320 wrote to memory of 4792 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gh.exe
PID 4792 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\gh.exe C:\Windows\system32\tzutil.exe
PID 4792 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\gh.exe C:\Windows\system32\tzutil.exe
PID 4792 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\gh.exe C:\Windows\system32\tzutil.exe
PID 4792 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\gh.exe C:\Windows\system32\tzutil.exe
PID 4788 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\winspace_api.exe C:\Users\Admin\AppData\Local\Temp\winspace_api.exe
PID 4788 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\winspace_api.exe C:\Users\Admin\AppData\Local\Temp\winspace_api.exe
PID 1016 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\winspace_api.exe C:\Windows\system32\cmd.exe
PID 1016 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\winspace_api.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3280 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1132 wrote to memory of 3280 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WinSpace.exe

"C:\Users\Admin\AppData\Local\Temp\WinSpace.exe"

C:\Users\Admin\AppData\Local\Temp\WinSpace.exe

"C:\Users\Admin\AppData\Local\Temp\WinSpace.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c title WinSpace [Elyx] [1.0]

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "winspace_api.exe -e 2344aiusdefplk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gh auth status > lg/lg_status.lg

C:\Users\Admin\AppData\Local\Temp\gh.exe

gh auth status

C:\Users\Admin\AppData\Local\Temp\winspace_api.exe

winspace_api.exe -e 2344aiusdefplk

C:\Windows\system32\tzutil.exe

tzutil /g

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gh auth login -p ssh -w --insecure-storage --skip-ssh-key

C:\Users\Admin\AppData\Local\Temp\gh.exe

gh auth login -p ssh -w --insecure-storage --skip-ssh-key

C:\Windows\system32\tzutil.exe

tzutil /g

C:\Windows\system32\tzutil.exe

tzutil /g

C:\Users\Admin\AppData\Local\Temp\winspace_api.exe

winspace_api.exe -e 2344aiusdefplk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 216.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 99.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39202\python312.dll

MD5 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

C:\Users\Admin\AppData\Local\Temp\_MEI39202\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI39202\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_ctypes.pyd

MD5 bbd5533fc875a4a075097a7c6aba865e
SHA1 ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00
SHA256 be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570
SHA512 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

C:\Users\Admin\AppData\Local\Temp\_MEI39202\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_socket.pyd

MD5 dc06f8d5508be059eae9e29d5ba7e9ec
SHA1 d666c88979075d3b0c6fd3be7c595e83e0cb4e82
SHA256 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a
SHA512 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_lzma.pyd

MD5 05e8b2c429aff98b3ae6adc842fb56a3
SHA1 834ddbced68db4fe17c283ab63b2faa2e4163824
SHA256 a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c
SHA512 badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_hashlib.pyd

MD5 eedb6d834d96a3dffffb1f65b5f7e5be
SHA1 ed6735cfdd0d1ec21c7568a9923eb377e54b308d
SHA256 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
SHA512 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_decimal.pyd

MD5 3055edf761508190b576e9bf904003aa
SHA1 f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
SHA256 e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
SHA512 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_bz2.pyd

MD5 223fd6748cae86e8c2d5618085c768ac
SHA1 dcb589f2265728fe97156814cbe6ff3303cd05d3
SHA256 f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
SHA512 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

C:\Users\Admin\AppData\Local\Temp\_MEI39202\unicodedata.pyd

MD5 16be9a6f941f1a2cb6b5fca766309b2c
SHA1 17b23ae0e6a11d5b8159c748073e36a936f3316a
SHA256 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04
SHA512 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

C:\Users\Admin\AppData\Local\Temp\_MEI39202\select.pyd

MD5 92b440ca45447ec33e884752e4c65b07
SHA1 5477e21bb511cc33c988140521a4f8c11a427bcc
SHA256 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3
SHA512 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

C:\Users\Admin\AppData\Local\Temp\_MEI39202\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI47882\python3.DLL

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_wmi.pyd

MD5 7ec3fc12c75268972078b1c50c133e9b
SHA1 73f9cf237fe773178a997ad8ec6cd3ac0757c71e
SHA256 1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f
SHA512 441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_uuid.pyd

MD5 353e11301ea38261e6b1cb261a81e0fe
SHA1 607c5ebe67e29eabc61978fb52e4ec23b9a3348e
SHA256 d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899
SHA512 fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_tkinter.pyd

MD5 1df0201667b4718637318dbcdc74a574
SHA1 fd44a9b3c525beffbca62c6abe4ba581b9233db2
SHA256 70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076
SHA512 530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_ssl.pyd

MD5 5b9b3f978d07e5a9d701f832463fc29d
SHA1 0fcd7342772ad0797c9cb891bf17e6a10c2b155b
SHA256 d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa
SHA512 e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_sqlite3.pyd

MD5 29464d52ba96bb11dbdccbb7d1e067b4
SHA1 d6a288e68f54fb3f3b38769f271bf885fd30cbf6
SHA256 3e96cd9e8abbea5c6b11ee91301d147f3e416ac6c22eb53123eaeae51592d2fe
SHA512 3191980cdf4ab34e0d53ba18e609804c312348da5b79b7242366b9e3be7299564bc1ec08f549598041d434c9c5d27684349eff0eaa45f8fa66a02dd02f97862b

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_queue.pyd

MD5 6e0cb85dc94e351474d7625f63e49b22
SHA1 66737402f76862eb2278e822b94e0d12dcb063c5
SHA256 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b
SHA512 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_overlapped.pyd

MD5 ba368245d104b1e016d45e96a54dd9ce
SHA1 b79ef0eb9557a0c7fa78b11997de0bb057ab0c52
SHA256 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615
SHA512 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_multiprocessing.pyd

MD5 a4281e383ef82c482c8bda50504be04a
SHA1 4945a2998f9c9f8ce1c078395ffbedb29c715d5d
SHA256 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c
SHA512 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683

C:\Users\Admin\AppData\Local\Temp\_MEI47882\_asyncio.pyd

MD5 28d2a0405be6de3d168f28109030130c
SHA1 7151eccbd204b7503f34088a279d654cfe2260c9
SHA256 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d
SHA512 b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

C:\Users\Admin\AppData\Local\Temp\_MEI47882\zlib1.dll

MD5 297e845dd893e549146ae6826101e64f
SHA1 6c52876ea6efb2bc8d630761752df8c0a79542f1
SHA256 837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1
SHA512 f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3

C:\Users\Admin\AppData\Local\Temp\_MEI47882\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI47882\tk86t.dll

MD5 9fb68a0252e2b6cd99fd0cb6708c1606
SHA1 60ab372e8473fad0f03801b6719bf5cccfc2592e
SHA256 c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de
SHA512 f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06

C:\Users\Admin\AppData\Local\Temp\_MEI47882\tcl86t.dll

MD5 21dc82dd9cc445f92e0172d961162222
SHA1 73bc20b509e1545b16324480d9620ae25364ebf1
SHA256 c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03
SHA512 3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6

C:\Users\Admin\AppData\Local\Temp\_MEI47882\sqlite3.dll

MD5 612fc8a817c5faa9cb5e89b0d4096216
SHA1 c8189cbb846f9a77f1ae67f3bd6b71b6363b9562
SHA256 7da1c4604fc97ba033830a2703d92bb6d10a9bba201ec64d13d5ccbfecd57d49
SHA512 8a4a751af7611651d8d48a894c0d67eb67d5c22557ba4ddd298909dd4fb05f5d010fe785019af06e6ca2e406753342c54668e9c4e976baf758ee952834f8a237

C:\Users\Admin\AppData\Local\Temp\_MEI47882\pyexpat.pyd

MD5 5e911ca0010d5c9dce50c58b703e0d80
SHA1 89be290bebab337417c41bab06f43effb4799671
SHA256 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b
SHA512 e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

C:\Users\Admin\AppData\Local\Temp\_MEI47882\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337