troldesh | hxxps://gofile[.]io/d/gfNWfa

Analysis

max time kernel
951s
max time network
927s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-01-2025 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/gfNWfa

Score

10^/10

troldesh defense_evasion discovery persistence phishing privilege_escalation ransomware spyware stealer trojan upx

Malware Config

Signatures

Troldesh family
troldesh
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.104\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

A potential corporate email address has been identified in the URL: 67C716D751E567F70A490D4C@AdobeOrg
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
5776	BraveBrowserSetup-BRV002.exe
1780	BraveUpdate.exe
5836	BraveUpdate.exe
4092	BraveUpdate.exe
5916	BraveUpdateComRegisterShell64.exe
4132	BraveUpdateComRegisterShell64.exe
1408	BraveUpdateComRegisterShell64.exe
1420	BraveUpdate.exe
5768	BraveUpdate.exe
2728	BraveUpdate.exe
4480	brave_installer-x64.exe
3804	setup.exe
1464	setup.exe
3108	setup.exe
4064	setup.exe
1280	BraveUpdate.exe
3420	BraveUpdateOnDemand.exe
5036	BraveUpdate.exe
244	brave.exe
6056	brave.exe
2948	brave.exe
4880	brave.exe
4576	elevation_service.exe
2760	brave.exe
5884	brave.exe
3528	brave.exe
2800	brave.exe
1408	brave.exe
1968	brave.exe
2064	brave.exe
1688	brave.exe
3124	brave.exe
4544	chrmstp.exe
4616	chrmstp.exe
5528	chrmstp.exe
3544	chrmstp.exe
1084	brave.exe
5920	brave.exe
5228	brave.exe
5248	brave.exe
656	brave.exe
3392	brave.exe
1688	brave.exe
2432	brave.exe
5028	brave.exe
2412	brave.exe
1680	brave.exe
4800	brave.exe
3132	brave.exe
5216	brave.exe
2976	brave.exe
4784	brave.exe
1272	brave.exe
1240	brave.exe
1364	brave.exe
5328	brave.exe
4124	brave.exe
5408	brave.exe
5236	brave.exe
6020	brave.exe
764	brave.exe
1020	brave.exe
1960	brave.exe
3124	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
1780	BraveUpdate.exe
5836	BraveUpdate.exe
4092	BraveUpdate.exe
5916	BraveUpdateComRegisterShell64.exe
4092	BraveUpdate.exe
4132	BraveUpdateComRegisterShell64.exe
4092	BraveUpdate.exe
1408	BraveUpdateComRegisterShell64.exe
4092	BraveUpdate.exe
1420	BraveUpdate.exe
5768	BraveUpdate.exe
2728	BraveUpdate.exe
2728	BraveUpdate.exe
5768	BraveUpdate.exe
1280	BraveUpdate.exe
5036	BraveUpdate.exe
5036	BraveUpdate.exe
244	brave.exe
6056	brave.exe
244	brave.exe
2948	brave.exe
4880	brave.exe
2760	brave.exe
2948	brave.exe
2948	brave.exe
2948	brave.exe
2948	brave.exe
2760	brave.exe
4880	brave.exe
2948	brave.exe
2948	brave.exe
2948	brave.exe
3528	brave.exe
3528	brave.exe
5884	brave.exe
5884	brave.exe
2800	brave.exe
1408	brave.exe
1968	brave.exe
2064	brave.exe
1688	brave.exe
3124	brave.exe
1688	brave.exe
3124	brave.exe
1408	brave.exe
1968	brave.exe
2064	brave.exe
2800	brave.exe
1084	brave.exe
1084	brave.exe
5920	brave.exe
5920	brave.exe
5228	brave.exe
5228	brave.exe
5248	brave.exe
5248	brave.exe
656	brave.exe
656	brave.exe
3392	brave.exe
3392	brave.exe
1688	brave.exe
1688	brave.exe
2432	brave.exe
2432	brave.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	[email protected]

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
64	raw.githubusercontent.com
264	raw.githubusercontent.com

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-5456-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5458-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5459-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5457-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5465-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5468-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1476-5471-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1476-5473-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5476-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5479-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2204-5482-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_th.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\bn.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\sr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ja\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\sl\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_en.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\chrome.dll.sig	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\en-US.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ta\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\pl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\ru.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\dxil.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\lt.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\vk_swiftshader.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fi.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_lv.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psuser.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\chrome_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sw.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\chrome.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\mr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\en_GB\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ko\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_es.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\fi\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\uk\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\zh_CN\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\sk.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\PrivacySandboxAttestationsPreloaded\manifest.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\en_US\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_kn.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\nb.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\en-GB.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_id.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe	brave_installer-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\ar.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ar.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_bg.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_zh-TW.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\ro.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\6cd8f2a5-7cb5-4a32-ab23-ac04694c601a.tmp	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\BraveVpnWireguardService\wireguard.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\Locales\tr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ar\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\bg\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\pt_BR\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_da.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pt-PT.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\pt_PT\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_no.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\el\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\et\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\gu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source3804_652751999\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\nb\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psmachine_64.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\131.1.73.104\brave_installer-x64.exe	BraveUpdate.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1611004662\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-uk.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5976_1020754430\puffpatch_out	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_es.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_vi.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\psuser_arm64.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1707901821\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_pt-PT.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_244_170056427\extension_1_0_69.crx	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1707901821\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1689277430\kp_pinslist.pb	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\psmachine_64.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_ca.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_da.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_bg.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_tr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-de-1901.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_sw.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_244_2068733129\extension_1_0_1021.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1156822317\download_file_types.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_2084438679\carla-gomez-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\BraveCrashHandler64.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_et.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_iw.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_42204557\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_244_290621911\jflhchccmppkfebkiaminageehmchikm_2025.01.04.01_all_ad2cfpnycovgmhtt7bffvfblahoa.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5976_1520331007\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1023022623\1\clean-urls.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-sq.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1778701037\safety_tips.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1023022623\1\request-otr.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1500486209\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_428594284\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_2084438679\eric-patterson-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_nl.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_no.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1821750539\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-ml.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_366784878\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-ta.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1689277430\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5976_1520331007\list.txt	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_kn.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-te.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-cs.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\goopdateres_hr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_428594284\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_136806126\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1454991225\adad97aa-b7d4-475c-bd94-d190f91d7366.png	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_2084438679\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1611004662\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-und-ethi.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp\chromium_installer.log	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1023022623\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1500486209\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_428594284\crl-set	brave.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveCrashHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV002.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1420	BraveUpdate.exe
1280	BraveUpdate.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133805802745644384"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\Application\ApplicationIcon = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe,0"	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods\ = "9"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\LocalServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\Elevation\IconReference = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\goopdate.dll,-1004"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000008b11c756af18db019114acdab718db01d5d9b0dab718db0114000000	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync\CurVer\ = "BraveSoftwareUpdate.CoCreateAsync.1.0"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods\ = "7"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\goopdate.dll,-3000"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\TypeLib\ = "{F396861E-0C8E-4C71-8256-2FAE6D759CE9}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ = "IPolicyStatus2"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6B042DC7-1633-49A2-8255-7DA828C32CA7}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ = "IAppVersion"	BraveUpdateComRegisterShell64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\AppID = "{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0D2DC5A9-E726-4D6B-BD5E-648F4BDA4930}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\ProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachineFallback.1.0"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\BraveFile\Application	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassSvc.1.0\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc.1.0	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\NumMethods\ = "43"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ = "IAppVersionWeb"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BravePDF\shell\open\command\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\ProgID\ = "BraveSoftwareUpdate.PolicyStatusMachine.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\VersionIndependentProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ = "IAppVersion"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\NumMethods\ = "43"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\LocalServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass.1\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback\CurVer\ = "BraveSoftwareUpdate.Update3WebMachineFallback.1.0"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0D2DC5A9-E726-4D6B-BD5E-648F4BDA4930}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe	BraveUpdate.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File created	C:\Windows\SystemTemp\GUM952A.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Users\Admin\Desktop\NoMoreRansom.zip:Zone.Identifier	brave.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4924	chrome.exe
4924	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
5768	BraveUpdate.exe
5768	BraveUpdate.exe
1280	BraveUpdate.exe
1280	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
1780	BraveUpdate.exe
244	brave.exe
244	brave.exe
1960	brave.exe
1960	brave.exe
5256	msedge.exe
5256	msedge.exe
1628	msedge.exe
1628	msedge.exe
5976	brave.exe
5976	brave.exe
5976	brave.exe
4844	BraveUpdate.exe
4844	BraveUpdate.exe
6140	brave.exe
6140	brave.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
3724	BraveUpdate.exe
3724	BraveUpdate.exe
2204	[email protected]
2204	[email protected]
2204	[email protected]
2204	[email protected]
1476	[email protected]
1476	[email protected]
1476	[email protected]
1476	[email protected]

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
884	brave.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
244	brave.exe
244	brave.exe
244	brave.exe
244	brave.exe
244	brave.exe
244	brave.exe
244	brave.exe
244	brave.exe
244	brave.exe
244	brave.exe
5256	msedge.exe
5256	msedge.exe
5976	brave.exe
5976	brave.exe
5976	brave.exe
5976	brave.exe
5976	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1020	brave.exe
884	brave.exe
884	brave.exe
884	brave.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2840	2808	chrome.exe	77
PID 2808 wrote to memory of 2840	2808	chrome.exe	77
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 2060	2808	chrome.exe	78
PID 2808 wrote to memory of 3196	2808	chrome.exe	79
PID 2808 wrote to memory of 3196	2808	chrome.exe	79
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80
PID 2808 wrote to memory of 3324	2808	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/gfNWfa
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac108cc40,0x7ffac108cc4c,0x7ffac108cc58
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3504,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4948,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3364,i,1169560518194845847,15159408350265425850,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac108cc40,0x7ffac108cc4c,0x7ffac108cc58
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5496,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=212,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3408,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3332,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3724,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3328,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5716,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3448,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5644,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4524,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5368,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3472,i,14860811369414226322,14031689292686585240,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3884

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:956

C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe
"C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:5776
- C:\Windows\SystemTemp\GUM952A.tmp\BraveUpdate.exe
  C:\Windows\SystemTemp\GUM952A.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:5836
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4092
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:5916
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:4132
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1408
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszMTM5OERFMy04Q0MzLTREQkQtQjU2OC1GMkY3MkFBRUI1MjZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MEVDODQ0NjktNDcwNi00RTYyLTg5MDctNkJBQTAwMzY4Q0U4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYyNSIvPjwvYXBwPjwvcmVxdWVzdD4
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1420
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{31398DE3-8CC3-4DBD-B568-F2F72AAEB526}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5768

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2728
- C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\guiEEA6.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4480
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\guiEEA6.tmp" --brave-referral-code="BRV002"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    PID:3804
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff7fa9ef418,0x7ff7fa9ef424,0x7ff7fa9ef430
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1464
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\guiEEA6.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3108
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{04AFA29A-3EE8-4010-8669-71ACAAE80B34}\CR_5CE1F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7fa9ef418,0x7ff7fa9ef424,0x7ff7fa9ef430
        5⤵
        Executes dropped EXE
        
        PID:4064
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszMTM5OERFMy04Q0MzLTREQkQtQjU2OC1GMkY3MkFBRUI1MjZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MTdGQTk5NjAtNTM4Qi00MTQ2LUE5NTktOEUxQTBCRDA5QzBGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4xLjczLjEwNCIgYXA9InJlbGVhc2UiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwczovL3VwZGF0ZXMtY2RuLmJyYXZlc29mdHdhcmUuY29tL2J1aWxkL0JyYXZlLVJlbGVhc2UvcmVsZWFzZS93aW4vMTMxLjEuNzMuMTA0L3g2NC9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBkb3dubG9hZF90aW1lX21zPSIxNDM5MSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDIxIiBkb3dubG9hZF90aW1lX21zPSIxNTM5MiIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBpbnN0YWxsX3RpbWVfbXM9IjI5NTY1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1280

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3420
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5036
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:244
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0xf8,0xfc,0x100,0x80,0x104,0x7ffaac791d18,0x7ffaac791d24,0x7ffaac791d30
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6056
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1932,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=1940 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2948
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2172,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2240 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4880
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2388,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2596 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2760
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3492,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3384 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5884
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3516,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3632 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3528
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4892,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4716 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2800
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4980,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4996 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1408
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4984,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4168 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1968
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5308,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5332 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2064
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5328,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5476 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1688
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:4544
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff72e8af418,0x7ff72e8af424,0x7ff72e8af430
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4616
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5528
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff72e8af418,0x7ff72e8af424,0x7ff72e8af430
        6⤵
        Executes dropped EXE
        
        PID:3544
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4960,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5640 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3124
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5008,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5776 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:656
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5256,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5160 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1084
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5248,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5556 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5920
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5024,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4968 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5228
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4920,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4900 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5248
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6164,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5208 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3392
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6056,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5536 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1688
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4908,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6160 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2432
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6128,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5936 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5028
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3704,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2412
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5988,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4972 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1680
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5868,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6096 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:4800
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4864,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3720 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:3132
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=212,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5936 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5216
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5896,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5928 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2976
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6092,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6172 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:4784
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5548,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5780 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:1272
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5516,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5860 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:1240
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3592,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5176 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:1364
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=2968,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5328
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5912,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:4124
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5164,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5100 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5408
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5940,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4868 /prefetch:12
      4⤵
      Executes dropped EXE
      PID:5236
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5180,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5576 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6020
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=454227093854775460 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5680,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5652 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:764
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5276,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5860 /prefetch:14
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1020
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5420,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3376 /prefetch:10
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1960
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5176,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6324 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:3124
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6360,i,17289407005883582798,5344924410064060219,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6368 /prefetch:14
      4⤵
      NTFS ADS
      PID:5608

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffab9943cb8,0x7ffab9943cc8,0x7ffab9943cd8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,6222927836631123415,13071856929050057489,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,6222927836631123415,13071856929050057489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,6222927836631123415,13071856929050057489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,6222927836631123415,13071856929050057489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,6222927836631123415,13071856929050057489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
1⤵
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5976
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaac791d18,0x7ffaac791d24,0x7ffaac791d30
  2⤵
  PID:4016
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1868,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:396
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2080,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2216 /prefetch:11
  2⤵
  PID:1668
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2380,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2392 /prefetch:13
  2⤵
  PID:1280
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=8115293945116175986 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3892,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=8115293945116175986 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3900,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4900,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4444 /prefetch:14
  2⤵
  PID:1128
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5016,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5024 /prefetch:14
  2⤵
  PID:4652
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5004,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5216 /prefetch:14
  2⤵
  PID:5228
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=8115293945116175986 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5404,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=8115293945116175986 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5464,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=8115293945116175986 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5584,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=2900,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4240 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:884
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5472,i,17892458272139835578,522030131326348789,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5484 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6140

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
PID:5552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5152

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
1⤵
- System Location Discovery: System Language Discovery
PID:2076
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3312
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe"
  2⤵
  PID:5224
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5888

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1832

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3724

C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2204

C:\Users\Admin\AppData\Local\Temp\Temp2_NoMoreRansom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_NoMoreRansom.zip\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

Filesize
163KB

MD5
ee743bc7055cd46c5dc436c2e31fbb2f

SHA1
bc2ecc65e2de6095306d752ad8d4005c0abf0a95

SHA256
fb5355f32b99974fcce4eeaf47eb285b7a5eeed743389ef86cd781227885f7de

SHA512
de549940080e22134a462061b05c19b71224f99d88748e161626c15c10b0e6dde73f614d2b73e7c667883669ef073da249066bda7344e8832f2db3f4ca771b53

Download Submit
C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\setup.exe

Filesize
4.3MB

MD5
94483ea960f9bee9044e0a8ca31fc33c

SHA1
39e29cde48af84b3efdf16ffeacdc35be3e0e1e5

SHA256
e308f70103afbfac265121f89759906299213e88fb9802352695f8260bd3d31c

SHA512
d189adf07c6715d38547bd8873234d16596970d671ba3fb9c222d6a9aa10a5fc7cdcc6cea6627c5b0031b93e60e6db18e45b2661532873f510151a9b3f1fcb94

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9456\crl-set

Filesize
632KB

MD5
15e642888f7a240f9c4c86642449f5ad

SHA1
d24b7bd6d06ee999d05776164e306aba73312bf4

SHA256
cecb66b924416eb94806f7be4ee3688b745f0c9b2bc5f1a28972d86071b4d72f

SHA512
3eb8024150ed0bff768a16d3df8f3ef0f204c6c755de3211e7db6270ab6c913a8c1787ea9caff14ca5c8d934deaaeb26da0cda5cea48a5614b95003183221c8c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
877002e858033af813f37162477f9a74

SHA1
f4931717d2ff8b9c42678a16b95c2d3328dfb1e2

SHA256
d18aad0531ddfa07169a8fc0981a7a61fd2302d96ee59ee626f69df951898e60

SHA512
5453457e05241477261b3c45c9ff3266c769a02aa76dc1aac7b1f2bf63cfc982e86eafd9080e5cdad0fe92b027badfeacff9661a3dba68115c02e76faf1d32c6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2024.12.19.1218\Preload Data

Filesize
16KB

MD5
3c97222c910c2aa1fab0c39a1c8d2b11

SHA1
c794a8758b4fa74c7aa9536effe9bfa774822e7a

SHA256
c7b91efdd09d75b47036e241eb55a238065ace2c26cd8f31328e8a9f4b4102b4

SHA512
3220065c655bf174c466d9ac03d3040e419f30d081983c23a757d2c0c5e4720aed2c71e88befc0d8b6987d6abd6a25289731d7f4fc9ed6348a1d762f67032153

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
16KB

MD5
cf22136644e3611b4a751f65931cc59f

SHA1
a661800b6e2269b61a4f1ac48d76b124ce2b4896

SHA256
532d1a4170013cf393aec16f156fdf16053aab3a2cc0f6afc6cb6234e9b0ec49

SHA512
2d70da3e86eed737ee6bab932a4bc34fb491fbbc6274ef5f401cbb9826186c8986a030829abd4712814216086fa5106542db7bd03f07ee20b03f34d558f60892

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
2457bd8a307bd37ab0a9ca03cb3315fd

SHA1
1db28aceaadb648f1d4aee6b53d404b017fe6d12

SHA256
68c1d56ea6c2cd26aa7cd5219db2276272c1d85831d1c460aec9273612f40226

SHA512
61659f965dfbe43b915b4e8d4b2ce6c1e1eee4b6fb1e0a551886353242f88163a77d330fbd0a326d0faca3f09ddb999ac494583b5f61e973092599a4b37d6794

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
19ad38fcf0c0be00b444c4a69820fa8d

SHA1
ec79ab6316acbd7fa9299e5b50e9d0b66cc792f0

SHA256
a539f50d67b9d08fce30b584ddfbfd1125530490470440a47594af7fa2508ba0

SHA512
61b5bb439cd40efc81a39d631b05e6729c4235ddc9928e8eb94f86c0d9afedd07b544ac754fae294534609831a1fb7d9d53e21e3e72aafc4854afa0bb5c84e9b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
be22f2d5555ac75ed4b8a221abe10990

SHA1
d8771910c8066162f78e18b8aeb734957a8106a4

SHA256
32f5766f150e1363b5b60c20818e2e83e803c2026be4831a52787c19e94b973a

SHA512
5d33e3912a50aa036a11cc5f2388fae5fea449fa4a6b8986c45bb480c8b5a3b9a076a29087722f05dd7602183406933eee0704a8da6f718085e58eb082973308

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f580e52b168a171a6cecaa9539befc46

SHA1
c95872a843e62c0644752e1e8e5d7492b4b3026a

SHA256
eb1f785034afa7e278e1245a716d49c15e1006daf7471d7ff76a2f2170faae99

SHA512
b2e334e7674a780f84c7347652d21e4a9cea4aea62cd8a296618cf89bebef67ee56ce9d18d722a86db8d64449225b88e4393d9542914980c078a67995d48a545

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
fb99352fe39c58dad69ad0c6d9b56de1

SHA1
abe6efaab50ab90478b6fe4d538d2a4c03fe93a7

SHA256
86d9604f93d99b877827b54cdf25e7b64a10d5e4ec6978ee8cad587ae30ab738

SHA512
0730629bbe8ab0f3caa9e6e5c4a0b8f26a87882cf86f7a4354f8f3b5d0f1f84da18f3e721b609a8d932bef00e1b5b9b862f4b3bb24fd1962539e9f45ca8ef4d3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
23c21eb86d643fdbeb0627f7c8de3a01

SHA1
b42b7e667b3262420cb28a12df2d3a944ec57546

SHA256
e1cbcf0777cd3eba56838499b78242ae049cf766206b23ebc7e6b6454eb7fdfd

SHA512
41f593000dc86531534074fba0b69ad4d51857bba8ca53272f94682489ef0dd1f7b2134c7f5a82b21486f2791a7cc42a0a0fd47c91428dd9c3360508cc420c6c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
0c549b6784460ca468daaabb684bbeb5

SHA1
c2740e05b1c5949463b276d22530d61ee7a20e96

SHA256
78a77ed35d69f8e04f555f83b5d35837700210d765e86429ca01460db3199086

SHA512
aba422540f3a1c68cd061728f135a82654b501c04311f760d3eb7de8ea459725013a8a7f6dd6f29dd0b10308014a8ae8344ff2dcefaea882266a309fec682504

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b74a020e103e26e0a8091d54f4e621bc

SHA1
3d04acfb564fe51c4b889cf72849714d7a994b1a

SHA256
1615a8590eea9a6c5c53597adde65f58b67f478d48f7edf4db7f03807ee6852a

SHA512
4648caf0c2179b0e647286754e035ff4a9a4490f083bdad5fe808967c5e0896142d964d1dc5c00c5055b7d43d2564990d7ff29ca4ecb2649873cab3edd9e6e6f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe608cc3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cf7023618ec800d899e2368f0af08da6

SHA1
65680acd5fe7c6ceb6a817b1ffbb9deae1cf1b83

SHA256
33f8abd5b8cffe2d87ef2814b6480854750c759820736307a7a1b34ce6fecbf4

SHA512
46e886e339961131ace103e621c25b95b65f99cabe49b880fc7e164acf17bbab75bccfc0ab88fc39c81c2c142bdf72409e7490a4fc09d69bda50125839076159

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fb441841f3234f70dd29b8aa38bd9f7b

SHA1
927c6e632f0d85cecdef8b1ffcff8adf71f2518e

SHA256
cb459642c1c17938dd4c74eb751176ab8a44ba2d4b1bc7e9b30bca2b9408f607

SHA512
e6f76bb4ce5d150f56a6b65f69503ff8e76f8a99307203600e3bb65233f957745c7ebf1e4bec196ebe89a592696ee216b8f770b30dc41fe1d4a9dff4c34cf766

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b8cda9fd02ec8d96b25d9912032974d6

SHA1
1d810ea1407fd1d1d43bdb7ddc47a8e5715aa1a7

SHA256
3b0235611584403b6ead53ed43381af96bcc6c09e59f464c85d30a4238af11fc

SHA512
5c4c82c78ee73643da527bfd243174d88bc30d360dc8dc9582b3fb52030b4b56e45a04fdc4addcfce5cf0ecfe067442234e2d520c1c96d3d0e3794d3a9f40e7b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
88d76ee1f82dd4d23c931a1322a60945

SHA1
a21e8243b16899e971b77c3fb9847e66d3f57e37

SHA256
c752cc8aa89b9222bcf4f799b8b2db758cd4044e461f377d92a829c0f74a8cb4

SHA512
2dff9944caebeabd0d146e2ee98fd02d716fe7aabddfeb962eb4fc3fbb911363271560b556cf0f9a5bd929bbc3c5394475c6bd8b76bda33586672c3302b61521

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
daa2631f79118cdeb06efee46d0df1f6

SHA1
5bc715e8947f0335d3a3e87eeced0cdce191dbc4

SHA256
141dbd527dd28ccb58e22375be7c4a987e20c3c5b37231086e896f4d7ee3bbb5

SHA512
766b3fef96204ded56478b3d3ffce6f060559855fa7e2808559baa88af7f2894ada97d369001229eb3659b2bb6d6919815741821ee43e9f1be7b8d36c881d8e2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
3b91e5fb5a6c0e239ea62f56c49ff28b

SHA1
dc87da18369cf1a91d7e56d70573baf5349c06dc

SHA256
f0c174842f1546b701312c035ed2fd1c779c8e9d554bb7e96c4aaf14c0dab02f

SHA512
c351b3421e39b3e84d624422e858202687ba951e02732bb2410ce64a4f14b8eb4418a47a2ecc5d49c4c40f2b809ec88331e1af8c3835e06e5669df5aca966d2e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
04f3c5d78c8ac7fcd82374443ebd2f88

SHA1
a547123b56323e4e5a9ab22b88eed3f4223dec99

SHA256
c5429fc06e1bb6000645e7a0859e25b2b16523c72d448531d966ff8130b78d2f

SHA512
050ed4b6594d258ddff564dda1ab043802837dcabbba953edf643245bd48fbc7d5c918f428130fe05e2aad56ebead934529b042a7ca22582e21b0b7777066827

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
27f2b4198cfda012dfef4c69cf297a98

SHA1
f3b44d51e52f2fdf4c94bc061cde1eb1cefe67a5

SHA256
ab63bfeb8dabc842c1d849d402f6540ffee66c82ad7172716bc5a58e0c4fadd2

SHA512
816df1bfbb17b1ecdc9d8ce16769e97a190d0aede4f98002c27f4dc934defbcc9b812ac29ee5ad9622e6ae28a9163e2a987c590084a669a9b50eee501ed5f602

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
53a58dd558e760fd37efdbe669af23ff

SHA1
5eac822455550ac3244d225a2d44c7abe50fb791

SHA256
249bf21b94cbed84f5a586285bf144ed03bd2cfc984da13265e51232a8036cf4

SHA512
bd9fc39f6e162eba5c249f969a860815a3b3b0c4727ba20f36d27b13ab39d74dd5a9bb3d23d617e1685da2a48ed59bcb9947f9eed306117f761c77c042526cad

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe5fe6de.TMP

Filesize
188B

MD5
4999629639c33e75dda081f667622903

SHA1
336510674e9521a6fd7b5f4e3d73d5dfc7226519

SHA256
34a55d90b4c1e76f21d2ae493986b51cd859c07e5340150f4d26eaa2d5e17683

SHA512
ab47af8d350e27d776faca4826a9642488b55ad1273175dadbd6fe836404c330f5a5c80bdff15f73fdf9ec3d1ce9b533354dfcd0f030ad118e7c33fc451769b9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
20KB

MD5
d5098e63431fa49be658c4ee65f8dbcd

SHA1
b2a468bf6e3c5d6eb5690d31cba3d6650bbcecd2

SHA256
f2a5418a89acad9d8f93c6e723a7f0aa70128f31f167d002bdb9924ba1ab336b

SHA512
44af51f1b093f2ee86880035b6d74b51f2b6f6459f866754ac0db282b1fda8f9212dbe9e52fac77dd34dbf63ebe4d19de1b2a7c203e1d0ff4f5b11cf9d340a6a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
17KB

MD5
efe0c80c4787955c7899d6e6585d0e23

SHA1
af00b0b5e1ebb2a11cf9a9b19a2764ea641ec10d

SHA256
8d7273f9942bbc4d2675f104f3119c355fc86685cb5c2d0d767972aa8049025e

SHA512
846407af1151ed660df4736e91d15f9c6ee2a010e387ffec18bf44328607704b69393fc1efd26d1cc9633da183915b0ef3da53fc941f236e30336268fc56b432

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
18KB

MD5
4acc43d1e3054a120f416f2a74356b2e

SHA1
7265e497963881b0623c5d724f162011f08efdfb

SHA256
4637e63c5480ddf545515544394e9d089674506658d4f36b13bfc8a76da6587a

SHA512
0bf9bb5cc5fc8106405d94699fe0ea03f28ffc7a6788d6a682998f7c27e9233f6cc44ea2d8f9a8b795acd7e8424a22c492ac23e1ef98b51bc26a68b2a5540fc2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe5f8d64.TMP

Filesize
2KB

MD5
eeb00fd6f3bb18b5c9b704559bf5a7ed

SHA1
c0dc89e7421ea10865aa79b7d677e707764b38c4

SHA256
27a7f4413db0cbaa24dd027dbad7987bf37b03f6132979451d6f373f71268f76

SHA512
e7e1095ea2d455d088331034394bb7a26c10a1fe90d1670831b5b11712fb9a72523f85c8dfc9ca06848e374287b9bb5962fba17733227c95655d8f75244e7eaf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences

Filesize
7KB

MD5
01ba2ffac15f1386be640ea565b20cce

SHA1
9b2b56629697883a9812cd6cf310c09f2c1742bd

SHA256
3ded74d145b81c50423c5478d28befbcc4b6038899f6d8f4bd99562011ef8ad5

SHA512
752267af59033388b1cdd9c233e27faa84e483384398e5860a7f9b474e252ab576dcfaa5c8c38912c5ff0624ffab682fb2897886b217ecd30608bf6b0aa62a8d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\WebStorage\1\CacheStorage\index.txt

Filesize
82B

MD5
0f3bf5bc91220188c90744c06916bc1b

SHA1
f836e55e61591b7abdd050ad48b2eb6a836e7672

SHA256
814e95b515ea03645c9ead4901131060a7ac171345b916b695be147b21038d12

SHA512
b8bfd49bb1bc2342557f2862d321f00ecf7c3820026d4c721d6663c7526bfb78abf68e1171529678b4740f92357e127fde2f41cc321a76e03ec3c6dd4936b11d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\WebStorage\1\CacheStorage\index.txt~RFe60e19a.TMP

Filesize
146B

MD5
e32ef471fffd1472714c4235734e7c84

SHA1
0b41ae7374a0aff2a28a1d2e144bf5ec8515af0f

SHA256
b5b28e0beb4d3d16d160c99c101a437fc21d5fe91a2405845d207c2d85a757ab

SHA512
3975b936538a14f70a53cf043fc3433ca86538e2f063305569fa806560b99510713ca3f93647ea35d89c5443caf4b1c82a2b4ab5cfd258a5d07196fb34fd908b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\b17ad63e-f325-4bbc-92f8-220fa08b05a9.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\fb6a89ff-79aa-400b-bb35-cde57f97b209.tmp

Filesize
7KB

MD5
0e09ec737568b27c592c429bf4eb8039

SHA1
c127c280ea59dae8645f9acbe8b94e38938782cf

SHA256
0180692ba5e52dd2e8bb042e3a7494ac0484828491cfd7948bfc2b01086b9133

SHA512
a147f141cfbb560e0cc8a323c3f4d9772824883c40de1acf9b52b585b5c3f1a0da2aff4c26b5e0a0c4141870ae2fcebc7265c17117a05ea9c574eecce92b2948

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

Filesize
7KB

MD5
d28b6246cba1d78930d98b7b943d4fc0

SHA1
4936ebc7dbe0c2875046cac3a4dcaa35a7434740

SHA256
239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6

SHA512
b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
54KB

MD5
34fb3eac1f3b17257c6389c9e2fe53e3

SHA1
63b8506b09cf87d6d68d9943ed2a9f891e0b9b7f

SHA256
dc91d5206ffab86a6a6c7667f51effb6236f1da7879abe3d0294fcc84d0bba83

SHA512
120c204d359fff8f872ce18f93299e5d53d37834bdf210d137b0dce895367a0621eda63ca064c1520b8099c80b40df24cba867e4af48b24eec62284c1a171223

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
10a09edee5386f0f2b599039af3dcbc8

SHA1
26af0446e2c1a8dade4d606ede8c1b65b18de025

SHA256
9543965392d1057ce25a76d23607474b108fff29b13ee23c1c901aba94439e7a

SHA512
2a7f7c040b324bd73c91b2f24e5c707d54ce19a5e068fc0b8e0b28d3e32f3fe2028dde861583c8adf6ef84a2a30003bee895cade3535a59e9b62b6c710d9869e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
0f2792b5d02df8d7e4f45e3fb41772de

SHA1
4efee3ac5e4edca14a59e11d228f4612464e85db

SHA256
5b03caa34a9c2fd65214efdbbbc3e0f8a8bcdbffe7fe5da329519213ddc17564

SHA512
ea7264118a10b86afd1e2367ce52b5f13a3ef8748c0f7bb88279da946c6bc215bf3c08870befacf01d0db7d461fa28d2b9686b3a4eed0ae94214760133891a82

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
02483b25669f7883a3b274f27f1532fd

SHA1
78fd525a7a266511a760ae2b124b9336e9da1344

SHA256
e9480ff8be515580403b4977c70649e35afefdb7346c93bdff271da6b88f015a

SHA512
61d5b8831a5b9b3f10b19c9a2f6f154563a556742e4cc82ff3fcc30e04ef9f100c9345eae835bf8d0b5a3abd397737e6b052865bcc69e5bc9f3eb1d7baadd107

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
ea5722a93e4d56be51df8458e0e6860f

SHA1
d8edd13fa401085a4d861b0bb1e1c3eff03da4cc

SHA256
3b74c0bf3ddcd9833ebea32707c18a31abac88a898a851184c5f705900e3947e

SHA512
44678a366101bf943bc3349f29514949fb38818b5039a09ab5974fc7000d5d8ed93caabe6d3eb569f4a4df329c55e1d80b6dd73e3440e553519b1019daf0f6ab

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
be831c6da98a66f5bb99daf2d2f71be6

SHA1
2b5b880deab130fc6e75fa1de355d8f5727c1606

SHA256
a63816da6fbafa54ea987aa7057456ea4ebc2de63a0eb9a756c41a43e76cea55

SHA512
a678ccd28bbdeb32d4dd87a56223877abda8062658dd9da7c64af732b155ebb352168c503bf5458f6a94c757994df9c087df691f2a756fe504f56de15f2ca69f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
f11be74d4323a91aaad08e9f955b07a5

SHA1
cb126f3fdc66bf503984d9651d31dff573599826

SHA256
9ef0f0663553760af845a7dec7f607cb2679290dc209bbdd4b6e630b2cad018d

SHA512
e92d7a08c1c39d8ca27fcbccfecb84cf09ebfe423f4810dcb69be91b6e8000d417ecf502bf88661ae3c63726851d5714541ffe7cb798391c844fb9ed8b5e7170

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
df2d14b343a16dab48bf4d86909ede77

SHA1
26da374fa4b20b53d6b52494b0471a8e918422e9

SHA256
1ddff7f063ba5c9c91e6762e27ddd78e3d6448aa942883469dd368f5a7dcbad1

SHA512
7f03ba9dd82b1f7ca7250683c344277b7037e52fc30f17671b1837656d353b631df1a807e9c15e006909073d7885c35622b970731fb6d49421da4f7dd97d0432

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
1d386750f91d0671376377a0ec7a2dd3

SHA1
3a59df80170fb50d2c3707785babac06774066a1

SHA256
274ed50f07aa20118f57372ba238be9eb78c052b2fed32e5c5690d171b7bc501

SHA512
1a5e37ca5f9116bfb1044e010754f0b25f00fcc46a24c7edaafd6a4450b0202c8d6fc68ccc6c684b510e97c170ffcd9f57d84222c8b1889d924b9659a5b53c62

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
d10a4ae515669d52606c30cf21e00f49

SHA1
a8c40b118a1e240d60f28d721e904d92a191ac9c

SHA256
7a3713a9bb77da2382aee85e10a8f106b4327b61a497a1a2e82bb50bd31805c9

SHA512
5548013141a4afdf39fe918948ad9be75eb364196a901216098627a16d36e75f117d91130a88e3b8562ccb4ad5141a9fcdb82e71b6d79c6cf8d1b4ce6a185c38

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
a9be408976b12e1176248b76dbbbd9ca

SHA1
a64014b1c2db7cce76edc7a9471b832286012d59

SHA256
741fab41d8a108cd730bf9f0f741becf2c567da061a5a3db8ebf749ac120cb52

SHA512
efbebfcb9c23bd2ac3370cf2fa496c035fc2ab4df9325a738e95b88e3df825fa031c89da6d6969a0fde4081d9dc4e80ea99ff01a42893db345744872f2a38648

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
3023ad844ab9f3eea7e9527e84027e64

SHA1
17899d1687ca62c443f4047f30105ffb8a2b561b

SHA256
f0e6e2bc7e5f26d935b09b4dad8e2250b5ade1dff0b347e56e221d3e143669c7

SHA512
07f731bef7441369dea5139c579736f1271e372ac9ef729d2a107787d25af021098610196fd5a20126076e803f8f53299993299d34b4dcecd7876b23a918e5f3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
4e16e7311bd0e6fa29e0309e907f090a

SHA1
3b5ce00ce9f074d629429b402d56ed07237862da

SHA256
0220080c1334324aed8abfb17630203dde1f19c322699a81a79efb83091e6368

SHA512
33d704e005de6226654d09b3c6f245fb9fab5216240178743c32241fd6aa403084c8a0408083058e32ad53a844afc6388bc3c478bdf3fd914ba80cce945a3117

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
ad4ab4b1f58b6ade26ab1efadec0e3e9

SHA1
ed78272afe756d3560380fd821da4550bb4cea33

SHA256
06e4f5d15bc54690a1c4acf744364ebf190fb3f5f14e99529429f593324d4b17

SHA512
a4fcde7e7e2f7fc0743c359f5c0a4d554103184c423991ed2e22782257a64d71cd5d151c1d7eba1fb0d3be078f4f4cd8a1399d9b239c596d043297a6059b5206

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
59KB

MD5
41964120d7bea9c2bb6d373ab5cfd819

SHA1
fe58d2e344860c91d0231124153e298f96cd61d7

SHA256
d37a549d6f7189659e9268f5f2a58694d164a5e387bc6e1b7d3c7b0aa62d1eb6

SHA512
969f60a586980d78325dcce3636eaddc54abcb0707d89ac149cdd35d25431f37970b846b475fc139dd787dc206fad0609102f2c19062d629a324a523bdd2c44b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
580babdd7d02def7f9c990f115ef524d

SHA1
cc14c733ee9765c73e9fafbc91c50d7cf6f0d7af

SHA256
b84368c30808e8f32d0d5ed389db1f5bd2a2bffa7344e694a66e31efb234429a

SHA512
abec0622ce87788938b0978cb7d8cf4361069f3130ef5395ca111fc02a3d717bd6462086183681977b62f128face85e43d701e0af8849506638b112c2381c964

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
ad67c4ca7b08d93e87a92c26945ec80c

SHA1
b56f8f21ad2894c3285cc598614decd1bffb1d6f

SHA256
0366ecd6bad5f99849705ed1c7b8e29287fc1abd015b8daee5e0ff6010d5efd7

SHA512
84a47ec681888813de40c3fe226ace15a99feb7bf6eb651278c9102d84cf0f2b30287773aa800e421a167b88890b724247a1366053effe8672af04df57d82510

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
55a7d975721b14170930aba3e41803d6

SHA1
85deeba99fe8f0a110473dcea1fe448c552ab19f

SHA256
3d2f1ea6a94a487d5c3b81bd2577a5f3ee3468d7352f119ac1608ac4c7cee2c4

SHA512
48b5db1231b7c6d30d76496220becc3371a1f6a779a1b465777e72b4e1f33746a655ba68292eeec2e9a72bc5b9d687c11139662f8efa0955560756087c7f7101

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
56KB

MD5
e57d9d6c69be0a7cae10665e9459fec1

SHA1
fbe9320b30aa2d5b4f1af1054a5769c515248f89

SHA256
19afd19a3382d02b9487f5280de0a6dd0b7b2331e970df1281160a3fdb2828f5

SHA512
76dc06392a388825054e0e2233f034a577b56ba90fc3e7072fcdc9be29b98326a7ea2acf86bd55eaf78aaba97167d4e4a7443ca598ce980e847af66461fb914e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe5f6616.TMP

Filesize
6KB

MD5
f7cc0cb697f22233fb7ed0f019e3fc4f

SHA1
46bcd065bdee9aeff0f0885f759f8b1a2f265659

SHA256
1b62f09ea2c0e0bbf6b03031d0845a47da84902e4a7b8f851092f6b27de3201b

SHA512
c67d3b5b31c21a3865ebcbe030ad3dac1c792b15c8842082fe5c41f0a2da9f373330ca0a71e30e49e294cefb318e7293e28ed9bd35397ea335a08dff14d26321

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\crs.pb

Filesize
141KB

MD5
57086b02f74c3fe7b79a5e2e3d852322

SHA1
6420387225ddcd5210175de4f3fdb0ab2be8ee9c

SHA256
a1b5be8d4aab349aff58ed34e1f3bc6647cf440830da0a12a8bd5a1c976c6407

SHA512
b195eb9a9129863e75be603b00b85ecfe46360910529fb38513af6940f9d17efd56f234b47963452329cd85b16bebb5a85ab5d304743e57d33bafd5b59900468

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\ct_config.pb

Filesize
50KB

MD5
46b4d311088a1b5476ef5378009fb040

SHA1
5f4e068b959d6b52a46f4ce9bbca3149fd3178bd

SHA256
33f556efb669f0078999e06d42d3d29393a3909e6775f3fc2eb59e28588b6c14

SHA512
3f85d8f6eaea9c8d39df16a527b9d78faa67549af4c1e4ae59fa7bb6bc0acabfb35ad808cfe94fda07e60ffcff26e0c0b508f39e1aa6ecbf63dd9da845128400

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2025.1.4.1\metadata.pb

Filesize
33KB

MD5
0f83ea8aad2d94a32037e90f2812611d

SHA1
66a2879b881176df793c94f6833441fe153e5135

SHA256
628b2de57b5dde868a30e9c45ffc6ff35a820c93a90d3f4ff61a1ff5396eaf54

SHA512
e676aa774c099e43c00ecd42d2f10ae194910d9b694629abdba763aefc1d2c541cb1133ad3bf74df08fc6f8fb32b3f3047c07375977ee8d0f8bad9eddb7bc388

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.281\list.txt

Filesize
149KB

MD5
6b76b6417714bb0521be7ba195a44916

SHA1
b42078040db9db8fc4efb630486edca3d85db410

SHA256
63a90f3dc6bc1904e66b0ab8dead0467c7605143f87dabe920522a5decd67a42

SHA512
da81bc7635caf2872e331dbc9ddde58a3470838afc71320f64eac6c200f545aa613f76a1424d83dff9bbcd54a01036d2ea61f6534ace726f01c8a3cf9be6add2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1021\1\Greaselion.json

Filesize
3KB

MD5
7a611abbb6a9a924867db6020cb190d0

SHA1
e2f19e2ef273b9f5ae247873ce3306e774961d3d

SHA256
b080bd46957a74b2d321e701237222980c202f4139bc4c33056e8b8824f64402

SHA512
6646e87023a890e63c7c7aa6b006b41dddfc7b9005a9d70fc114e45614e8bb652fcf4450f7bdf6326d31611d4d4c12f40cdd690313d56d6b214682d98a5ac898

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1021\1\clean-urls-permissions.json

Filesize
268B

MD5
00acb0f14b6b6c11ce80107110ead798

SHA1
2a40b0217ddea6d507234f236d3889b46ee35baa

SHA256
2e666bd0d92b08bddac4487b184c5612dc408f21fe4f3fab78a7ce1b2fa3f8ca

SHA512
c3a53397be2fcf41702524cb42c8d2b49d4cbde4c5479c6d0d6e92152cd213dd7436d7729906d76ed003d64e806cdf66dda7f3ca8dd4b9f9efabe25ffb76c2cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1021\1\clean-urls.json

Filesize
18KB

MD5
3e6714a16e04d03f205a85f2563eb1aa

SHA1
a76641cf3a4745ae2e4426fb10b73a6af4f1f272

SHA256
3c09ee2c055819d0ce5368cfcb19cd5384e2916d7a5c2332f59ed60b3545b0c0

SHA512
05062fd40cf019b7367c2cf65d2fd219fd4e602111e9bd20b76545dc890f20fc4d1ed798d630bc0821d52ef4c35bd83e63bb84971d10f162d4c6c12eda8526b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1021\1\debounce.json

Filesize
11KB

MD5
e0df2d0dc75d2deac9eebbe0ba8db9ab

SHA1
d0636e518045a34eb081096f86609744fa47ddab

SHA256
5f05b84687de1011614eb1ededfe23d6f98fb2be47ea1a04bae0c95d9a3113c2

SHA512
c086e251cac5c121b8841f0dbfd2a45af99991a8b4bf584727c6bbe7e1e52d2361d2ffeb099be5da937b17d3ea36882d7516ebb294b5f2ccd9959424c2a5a0e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1021\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1021\1\webcompat-exceptions.json

Filesize
6KB

MD5
54b1343eed0640cc4b415bd1ef50dba1

SHA1
df0a9d4bc264e7c9325a9d082ddb3ff8dea528ba

SHA256
9344abffe1529919decfc08c1f171600319625ef7ec9a6d63dfac4927d6246b4

SHA512
c7689d95879d890425e95322613167cb6be9c04f207e847fa3f6da4c752413325968a667fd3044d8cf08a74537a1affaffd02dfa33397079bdc603768f757e92

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\StudentNTP_Sam-Richter_x0825_WINNER.jpg

Filesize
544KB

MD5
f66e5fa138432af6b40849484545b809

SHA1
25942df987649a1bddda636686064d29dca799a6

SHA256
65b5f21ccdcbdb23f39baf036ae5eb3999f3e88e241bc57a3a4d1bf0fbfda605

SHA512
29a512f0f028b2c4e53f492f6a4fe27cc88b547334466341b08b70724b16e7eaaf70cb0308e251f404aa6b80db972a553438afc3894440e1b1ed0962ec7a5319

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

Filesize
6KB

MD5
a7e80c8cc5121a2febc654140e53ac32

SHA1
c3b1b578dcbf91aa19e65d0ef6974c165723828e

SHA256
a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99

SHA512
d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.10518\list.txt

Filesize
54KB

MD5
31f0e4780e6c1c701c06e2cae1e05888

SHA1
09d4b64450159f9e4b8c1a11cef0b6daa110f8a0

SHA256
3c67735fb26c98b11e9b86ae99fd1e77f58edf31faaef027b4edf76e9edaf1df

SHA512
73d7b2b3b3f36e28e5459205bc38d760b1f932ce091e46a4aa89ffad0c44da4af0e5ad5940cbbd938572001a46838a43aa58b214ba9aa52a07df319daf30cf9c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.11675\list.txt

Filesize
1.4MB

MD5
4782642d304609354fdd56e61090369a

SHA1
dea42ce0e2e71daf75c36d1e8875e571f88de703

SHA256
dc72fb464ab30e7aad29212b41118444fbaff1a07a3a69dbdb762fbcf1ebaf8b

SHA512
59bf809ff72951bfd2c8831be5f6d71e91ace8f83c0f32b4dc024e125c4724bbfbccaa0f6afeca1400d260288ac997c36145be860d6f2bc2c8470eed95f898cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_c851d38174f9e19e8ca8604730bcdc3fb14e973e5e288d4d5b3dafe3584b1f93

Filesize
50KB

MD5
e2ee3abc76f54642a1e6e02b0035e55a

SHA1
2d2f964f7dbb248009d1dc31b7e0194b7a140ae3

SHA256
c851d38174f9e19e8ca8604730bcdc3fb14e973e5e288d4d5b3dafe3584b1f93

SHA512
915f70f8c301a9f5f46138e965f621e5b361b5d569e168345a87c0bcb7e1b48e6778c9bdbd37213ccf1e9bff8741e51f4396f3ae3865ea7caadeebc2e4a78359

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_a2d8ed4de3d36d622822a456a50d3d1af489b817a9258c85e11bd0f010664e15

Filesize
71KB

MD5
0ba8ef6f2b4463b6ea5dd0c429a988a9

SHA1
92963fb4410455c423c332e210d3ce25aef8bf01

SHA256
a2d8ed4de3d36d622822a456a50d3d1af489b817a9258c85e11bd0f010664e15

SHA512
962fddbf9abbc63432377d693b0b82e32f4fc565ddf6ddb8fb7fb6518bd9491b9acb86b6647f6df83e4db3430d12e766caeb03c6368de5e8d4dd3f1f4cacabcc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_571a8f1b10c44b70488eb71a42e4d30efb7fee3640bee0f7d621bfb36690a48d

Filesize
18KB

MD5
a9bdc4ea072026f4b78d35619e1860ad

SHA1
2428fef4e8442cd2a00465e93eb7727062a6dcce

SHA256
571a8f1b10c44b70488eb71a42e4d30efb7fee3640bee0f7d621bfb36690a48d

SHA512
db2eba6474e5f0be6af9b8ccf3375a71a924abc1c35a36fec130dcc86806564d97374783eb9389e089702b8325a7d1f17b6c0859198398cd094b422316b59f71

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_d540f6967b63cfa035628da67f30359a4f30089a026074974cee8b3e4e48391f

Filesize
412KB

MD5
d134e612eadda7340efdc3a927386763

SHA1
723fc332db5e484578e81477a75cb2936a2f9ab8

SHA256
d540f6967b63cfa035628da67f30359a4f30089a026074974cee8b3e4e48391f

SHA512
a98b735d05505b925d9db756983e77b15ae7f6047476027277376316038d0ab1c0d7c9296239bbc2d98c8c569c4b85f995a99533df514869eb0f59d46c932cc8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

Filesize
150KB

MD5
e1900863188285f81af2e44329c5dfc3

SHA1
fc1234b818d73e3925c9e308644c39b7b0a1eae9

SHA256
9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

SHA512
be5c29c05ba5a79118e5b4d3223c27b50a00e89b429865267cc468a447fce91ec6e27fb5efef108e362a9d5722ef915cbf453199253b8b08560247be2566ebe0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_ad18e8a6c7a0ccd7079e576a808a701a5ec64fe344bbf02bcae2a53161b43da7

Filesize
512KB

MD5
30535c209a686025c0ef9dc2a9e2ee84

SHA1
99bbbe59ea66b96a988e921a22612256e464c0ad

SHA256
ad18e8a6c7a0ccd7079e576a808a701a5ec64fe344bbf02bcae2a53161b43da7

SHA512
d116a0e9a9c7d9342587fd3953a61889efbc127f46387bbfda94bc788a8d6bf7b67f2d0193cc2fe7d05200a6811820b2c05ddd0ab284ce785aad77329b52bce4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

Filesize
10KB

MD5
81c39099b5a4e221569eeec0a746af7b

SHA1
0601105a54e905370e965cbf8cf78bd6d8e300c2

SHA256
3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

SHA512
42011c20c52733df0116c4661efdce06d8ec70dd38cfae2cad45e4b4eb7cb24ab4061e968e4d5766e4203b8c4caaf2b6727e55bdf78402157a19eca0f2e89140

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

Filesize
76KB

MD5
34f31f85a6b2a69a074939e4e231a047

SHA1
97f6d1a966baa94e686aef7fece23bbf099fb8c6

SHA256
9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

SHA512
20f4d9efe5450e1f02608d382c97bd4269298c87763a4abcf63a5fe0ba62dd0c391824964084cc011ed6cd7db99c19c9b6411b04d42539081f3737dc78a2f2ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.02fcbe9bc5cc84cfa840f47dafeac6b31d3a786425130162a2ec53d4915fbaca

Filesize
601KB

MD5
cbf2f39ab3042ae6a5e016f2bd82dcdf

SHA1
2c20c89d8795fe227cfc964915e4742a9ed0e420

SHA256
02fcbe9bc5cc84cfa840f47dafeac6b31d3a786425130162a2ec53d4915fbaca

SHA512
2de3de8ec6278826d717047aa304114b9408fb0956742a362ce99aff654787243ff9319f4b1c340caffa644674da54c156edfabfc83d13638c73ee3548d7af68

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

Filesize
17KB

MD5
a1b36d762732f9439efa78708a40dafb

SHA1
6533b78ae795077fa711c67347eabdc88b5a6c6b

SHA256
44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

SHA512
8dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_b4fcbfdc9f88d36d536ab45ba8a5f5666aa14d4207587d47c103f899f6f99704

Filesize
1.6MB

MD5
9cc12100f1c07043ac24656331bbd5e6

SHA1
03c0be07ff5a8074508cc4456e545ea7f3a313d5

SHA256
b4fcbfdc9f88d36d536ab45ba8a5f5666aa14d4207587d47c103f899f6f99704

SHA512
4c0ae9a07bca918e1b0a4c90d90762cf1e17161a009e95471b4915765809ba4dea23e4281e6dea81147a05a5933dc2c5466de51c306fa45bd503be7c499fc187

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.f21a59184fe4a151d88be7fc17155de7749b7ca9fd926b442906d722951bcf43

Filesize
9KB

MD5
834f1b218698e9303e139c7abf2f7f23

SHA1
383bfe4fe21cce3e0d7c55c0e44f5294e3f17d57

SHA256
f21a59184fe4a151d88be7fc17155de7749b7ca9fd926b442906d722951bcf43

SHA512
cc07403c621e4f169360a02df9960a2435c7227c09ce1f453910b72220cd2d3ded38d953fc82b5125831ba0f7095d2448fce1b07d3316b06ce8850f5a1ceaced

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

Filesize
77KB

MD5
1068b68cfdad67e39e13fb7b97adbdb6

SHA1
d3dac92d9c28b948ec33699ff69ae75a900de6cb

SHA256
e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

SHA512
da6c4d63d8d22e231d5101d93429a3ecc33c89d62b5fc969c7276816d79f8cbe45a16652507581480edb83b61f0e1c57f41e4432f6fdd67c878f38e0d4eef64d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.fa5d70ce715434cda9953be8a723c89384b00cf99e931dd43be46fa909f83371

Filesize
5.1MB

MD5
ba2dd3578e017160515508a271b9f664

SHA1
b5898eabc9b14b4d2b296a757ceb5468a7ec1e69

SHA256
fa5d70ce715434cda9953be8a723c89384b00cf99e931dd43be46fa909f83371

SHA512
5adbc5de11e3b153781e362c23464daf543970ea693f0ffe43dfa393de6cec13a54d74a82182db1263c59664722fb5ae979345a4bf50dceef8441544e0d11b79

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1841\photo.json

Filesize
2KB

MD5
4d4e625857a93978e93d63fac38f69d8

SHA1
857f062d0197ed13c3f24d55b14163a72df00faf

SHA256
82181ae69ffb870bd43cf3adc4a092948b743b4f221666ddd17de19fa7f0a246

SHA512
9641efd8df5386d3dbbee6987f9c3a987a7cfc15cce2b087885228573a29c6b00a6930e75a16206fab29d9c57990e71e225e3a9e55e2a0f621b7470b25ea1135

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.69\list_catalog.json

Filesize
76KB

MD5
d1d6a9d9cc2ada3f3bad8b0da607f4eb

SHA1
1d286de6436a8a28584744f022af73077ed64601

SHA256
f1a889c0f11e2642c299774f601b72b5cc51e86bb1fa7514cfa9f4fa1a9538ad

SHA512
4c43a10995b91d2791a8274813f005feab48d83078fb8b51f026266ff524ffbc53c41d507d801101a9a7f765453ab4b08398f4e743b6beb08036b72e40b82934

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\manifest.json

Filesize
552B

MD5
caaeb1d76bebae56fdc7cb19b9e8c857

SHA1
3c5f1f273ca4c3dc49a46ab83f9f5cb8a184cf65

SHA256
fcd74a3383a0cb1dc9cbc54b9afc4c441cc81e2ed545fc0fe97473fde8993cbc

SHA512
4869fb8935ce305ea63e51ffd7c3045769ff32aa6be326a14a80cbae72b04a1aa613615c77cb865a25c45d33cd3066a669fee88b8ef260f6165d611ab244b687

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.9921\list.txt

Filesize
5.6MB

MD5
14bfff83e8bf52d56a493122b26b4309

SHA1
2588127d132f529af46e7f4bf684fb969b8d82b7

SHA256
d4da5f36ccb20a9e04bef1c1591561c347781e53ad6458a01a998dec0d515907

SHA512
a0e343305e06a5827a105d36fdde5808a1e69a45c7eb0d81f93200e567b1b13d9d6fc96013469a6d75ed49a906de932cdda9dd76fd43b454ac98b0eab4c9a2a1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json

Filesize
1.2MB

MD5
f7e232619fcd50a55c3df6ffbab0245f

SHA1
f26eff68192fa88acc08ed97979c258f8f534a33

SHA256
f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7

SHA512
bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9065d9c5-90c8-4ca1-b0fa-2bf568ce326d.tmp

Filesize
228KB

MD5
becadd142d1aa3f1df10a671e2da6163

SHA1
7a9cd4c261f9904d7a3946755613aacea48e3b9c

SHA256
264e3ed16063b6a66666b2abdf7184c3d0aaa22070ceeaeed7eb79bb675a743b

SHA512
8bf5bff80081e635a0e589c2d321a504b686315f9a9775139e3eb946b29787ba29725379d2269485c961cf9ccab20b6296e0207a02e8681d90dc30aa88c5684c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
46b257e2db3a3cab4fe4e8b36a53c612

SHA1
2327a773bca75530bc9bd7c74ef0ec3acbf99adf

SHA256
e7c310337da9c0b11f73414f116c230092a508f82fe7a57d2fb80a16d1d0973f

SHA512
6c9cdbac647aa323073edce54767cff14c7d54ae4b41034980833ccf8567d05985fb9a148772241f9a070622951af71e0cd943dddc1bbf445dc1c217393855e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5280e4f6-3192-4287-b8a1-432e07472395.tmp

Filesize
11KB

MD5
d585d64f6331391799ffcae0a7c8c983

SHA1
68856ad99e75c0e71cae3e9e70a14e51902a8d9d

SHA256
04326b5abf7cdf87ec4b240370bfb9650c826e26ccd8986135f6adc38f688fef

SHA512
2db1b7627ae359f04127556eab02f1034604e4445edb8ed3db1ccbc52f2ab68085e98d6c364cde96e92992f1dee023db0aedd528e021676838ddd382cfc68601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4776ee7c86ba89036b07f6ab5a732ce2

SHA1
7d684af77412dec3eee5346108df2a804094aedf

SHA256
4a4b1f6002a47aa2bb179abb1c10073c2d033ff9826a0ea6c4f940e765d08767

SHA512
dca9fa35367ee9551ce6b4ed37840771dca9d8c4aee556811d95565094048a67dea4215e0b89961013a3ba1ee0b9e13efc35f14a7edaf4e6860873aa0c00132d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
24d67ff2e2cb257dcc9ce12b7c3a8ecd

SHA1
6701646ed25a3aeeb8e81aa944f105e3edf17aba

SHA256
c6405c6362a99f3ee0dd47b63eab9d7953d262c6c676473166ed9bc2228dc9d5

SHA512
35487448bb14a068a22bdaf40ec2e132fca033e9416d11ccbb879428bd963ee2e89582293c5cdc12a7196e58e289047b494a583f67fd41be5b82a666e2c0e3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d7fb246daa72e82c31177466d1765629

SHA1
58e5bb65b6e40cf6629acd66c476919cdfe91cd7

SHA256
32c672f08532a520874c074cc835c8205d5a7b1423cd5eb40617195b8817f7de

SHA512
2c4539f63de8420f61ca7665d5a8e950525c2588a5d51ac679d48f58df51cf23ef98f653d69f27527ba6e6ef2106d08d50e83f819e688931b72573f1fa436c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
41edcc57b5a773265e3f10050e06fda5

SHA1
c1bf44ee2cffb52a5d46c290922809f78060b439

SHA256
d6712918759ffe42332c55eace562397b5c647c48c0e729c1a1f9c5be06ba068

SHA512
92fc40e0078ba9ec1736fa45a77263b6f0b1bc503234c8255027d14e9f30159b741f8ad2cb61eb143224ec69ce0d891e8ca46d283fc0cf91bb46f9260eed9a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c1eab8b288d259b5c854724b90aeea12

SHA1
f2c20ee15567d8741d102e0153c73a94a2a7176a

SHA256
bf80b6fbfd48ad04705b6453f6f0af30de8f98b8339a3fed82351cf51f3e25f6

SHA512
f1413e6635421c8aa8538aeb602346d0e9093119a3bc02b78024cd16fb550f36e09f0f23b5218e372b5cf8ab7cef13acbd6d1afc4847db2d65c52fc6701038bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
26KB

MD5
3db01f3289b7517e321aac642a91c7f3

SHA1
4d54518f6f94dbe3e4e0cd7cc0d13698272d197f

SHA256
45c8217bf1571647763788b5472b9621330f6b065ea3107e2c6340a60ccb73a1

SHA512
69e7726636a206b910a971c00bb9a2a79835e5f98bc588158f62484ae77cfed138f8741e68b6d69ce77830420bb87df46762c51862a80f01d04112a3561673cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
72KB

MD5
6573fa734a767ced8a61ab1cb80498de

SHA1
898a8f3072fbe5d531d9e7494502f79d3bd2b72f

SHA256
3d297a777e3011263070b2046a3acc03bd20f91cf02121cad25c548701b1e22f

SHA512
afc2ca349420d9cef554b277ea88ea346e2d5d3f92bd6b32c8412ddedf4992deeb5a2e431f886c0ea652baad910d98e7545a9648c5440a0b8665b5e690dd9a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
153KB

MD5
237f4a0afbdb652fb2330ee7e1567dd3

SHA1
69335cd6a6ac82253ea5545899cccde35af39131

SHA256
1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020

SHA512
27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
115KB

MD5
715d593456fa02fe72a008a72398f5be

SHA1
e948290773216dc1b50c2121314a8cf918c22b54

SHA256
c411f11975d26eb04cd2aa3c071181d4b18e489f1fb97060d4176a3531dfb36e

SHA512
1f63209c93a462c2690442c9cf1c3e5a67f2df7a67dfcda2cb81292a2dbb90641aa0ab81c25323a1f2d9f0fa09b3421d136ae5228c47e581c51912ba284de46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
42KB

MD5
8f038b3b67853e640019cef8a3af37d2

SHA1
842914af90c44b8bfe3c87837a42b3249571df08

SHA256
f773aab87722d70c67f475812f29ecb3e07fd1044adeb749faca45521b848552

SHA512
4a6e35f06c4fd74f735e46860be94b0d3af5cf6dc8588f07a538d3a35111467bac1aef74b95c875c61af514f1a210010d9f63b78cf30daba19270155eda12b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
40KB

MD5
0a8e8c486b0bb61c3c23416e6a588966

SHA1
252e2a2ead45251cdb7fb399c6c2222b172af9f1

SHA256
34c411a3ed4cd8794df0d90bdee0c4be247d885b8e3e802c3500d940d12b3323

SHA512
64791cd31c27d1b74c0f5c47aaa06952aec7fd58571016e52ee828b74b23d477d104e8c44aff8f3d223da9746d40487a9011ae63ff8bd5276c6b09972464b33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
35KB

MD5
92f06aa40d1a5ef41d43be9a536b2d69

SHA1
da85917e1f8845f54d6e8467ab8a6b94f80c4cd5

SHA256
332afac8c265f9edbbbe663954b3f3841863de002225f5710fb702d4cd42be00

SHA512
9c39b49ae446320a40ca4dc0edba19863c4b55e11129143d0c1383907e24da9c59bb90de9dbae0f8012c4b3b205d7524f2c1c08640f9b224b3e75ba41033a0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
79KB

MD5
70c9a987d699209881c0086a9c4c1071

SHA1
5301d88849059aae00494f3bd91171b6be2d9bf5

SHA256
c49bbeb0a767a374d56a99607a030c5e0b8f92120a8544c3971179bdbb355d28

SHA512
95e1f25d89a444bd7e6d20fdb6b306ee96a531713fc2323db2db02bbc59bedc3496a8410ae0a3d308ed9cefa050bff400c70019362e1d9b29188cdb2a01e1939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
30KB

MD5
af72341edf10bbbf8f3b4cff8cbc40f4

SHA1
8477cb167eb8b1cd50bd48ced335ef2626629dd5

SHA256
778c03404340e07f54520abf4344366cda44e4af461d083c06ee965d12d76312

SHA512
d133fe72f71cb2f6d973b3e1bb2ada1c224eb4f959743ff60cc501ed8c53deae7449b187e18499723890dd410598803f0f3af38bcfbcd0d781a90123e805c146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
21KB

MD5
bc2bf5a0d24fd3813a2d88e07125a1e8

SHA1
cc8a9b7e046477084e2c1f7f64da1916e3ac9053

SHA256
806f6696ec6f03b1bbd0c39934fbd0505381f0e8b91ce35890cf3a73050bb5f1

SHA512
4483170a019f8a6ef9e312aab95a60ff77adaa71c75071774d3925bfdec41c96879cc1128167f73dd466a9f0c726f5dcb632e0e4af4ae144d85818cb084d79e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
57KB

MD5
629ee52c100f27744ab1e4b9541087f8

SHA1
60ca048bf1a68d388718d6f693a4aa5eaaaaf02b

SHA256
e1fa116c6286856bab5e80f757992e8355f7c64a24f61d30c3e55a2d56a07b7f

SHA512
3b0ec7e7c1d7dd012e011bb4a22bfa259d7d0300ab26eb10e138e8792a5ed228d497ebc0d1e7427a386279e582c1280ad8b5a6839ae753f76fdbec38700bd67c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
20KB

MD5
ef7dc225c65c93295fdcd100f3bd2eae

SHA1
d869d57030ebe087a5b8a9a58c17fd9a2709dc16

SHA256
4e016e9f68e5204e11f09aa8b3657158a8646c2f0030d10ee2a94b6870b7b6bd

SHA512
34bc51411dd585cccacb480c142d6331c4ca920fb0a5bae3d586df7f5a825534b2458a5331e4c68bf8e6d3e469cb42cf7bd4ce9455eb7aed91c9dffe71dab652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
24KB

MD5
828c1f7a97c5c70657e84d2741e2d4fe

SHA1
3f5c4b03abb336f133bad078062ef05458fbdadb

SHA256
5950fac926431222bb3fa509414a6aef9b2df48ba72d356b0b07001094aed93d

SHA512
d2bca50c040d64c50f6c2739a206ee2371b283c19114e74ceea1fd86e173d2af242d3d68167c4660eb14ac3eaa4261877c4c96c7dba3c3fdeb9275c7a2f5bf3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
52KB

MD5
5000ce4231bd6f009397a07f7723b94d

SHA1
694aa5764ee66e3ad21a49616aeb68f2698e5774

SHA256
9aa8444a693ab83a3e793739081c54e3d61fed4a34cca785bba2e2baf65771cc

SHA512
fab8da43c944852a0d0bf8806276f397f3910aadbd68dbcb9c3c6f5a7f4b9a2ad2552f78d6aef5ca4708fa70435113131c7819bfea03b4c96152618093b3a638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
43KB

MD5
3c87eadfd4974ab2ffe96007b14275a5

SHA1
4b47a5aa8ab97bda846c8fe6602534a61a77aeda

SHA256
9116f4bcdb68f352d21e066117af4219dc536a67a9e950959ae5775becf0875b

SHA512
caa7b1508e2a7c44d88f4ece264ab9e27308378d81c23670fe8779c78deadd9d0fcf91342930b6440d42e5ee0e2557c22fdbc41ca869a2b624f6c257c2456a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
49KB

MD5
d7412540b72967519f29e575bda5e4b6

SHA1
1c8a25b9d17ee7620ac428199545943cb9340796

SHA256
d689dedc3938e81b060313d4e347090711afa0a145a8f8254fef7115e00c4a9e

SHA512
0292c1528b9e89766c8dac130a1963d8d91068f53727dd798c9f53cf2674ef4027a5877bb5a7efe66ca401eece7af1d470daf58d60285d02c40b1a2bb71d04a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
45KB

MD5
15932e5cbde0cee0ca9fa16979a8af13

SHA1
a5159d66990b70d9fe1447cedfd39d43b82614d7

SHA256
95e6051ae6763f47f3d15190bcc0f6bbde886c83cb7d47204d185983bb5fd28a

SHA512
33bc5fc8730cd145db142895eee205ba127a0e76ad1f51a135b608c128e973c83a84be217319f09e33c3c467c70032d7b130168c84ecbb8b01969de72a651275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
25KB

MD5
07ee2c043b059d89edcb8b12df7ac1c7

SHA1
84d6ec575fa44f75a3e4f69282a9bf6591bb0344

SHA256
536875af7612611cca7afab2fecd034f20209552d4dfd1154a423f49a7ce163f

SHA512
e6ad76f31c19d41ada34bc686720fcd51217a0a1b192e2142b1629c806ee8dc7dcda95df6578407f0f567e8bd3642d362383d09e53a7d7ec82bc812306f313a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
25KB

MD5
2d99fb67ab42b0b5e5ab460fb4c790eb

SHA1
d052e233a0ec21722e788196b1eda0c7073805e9

SHA256
69b045fa6a3316e045bdb270258753cf22a2e9585cd80626995c7801d2e3b417

SHA512
5eab6dc53b9b2cb869a6cf111feee5e7a818b8c96fd888b84776acf70b1968ca917db485d6d95b3b95c4fae61ee87507af7edba1834c91979123b562be03cc64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
52KB

MD5
621b762ac8c6de8ab6faef64f9958ca0

SHA1
9a78b47e20e371ceeef4940e1f89a15d2de5a60b

SHA256
8dc2121610d8c85d7e4015f30c97ff64e633d718ab35b645b7a1e89dd9624df0

SHA512
74c4f4f14c3ec3d9d7771ac83f14b52fd9cb01c5ac69a9b936dd3f7375792742e64a8caa19325827846ce6687c495cc09b8dc1e2f431cd064d6646492139015c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
29KB

MD5
539f8bbf6331b62b98a6424970b5e5cd

SHA1
01f2f44ec61ead237412563603109172d871fc71

SHA256
e7d1a057a8c59ffa886a695fc5c505d8b707c0c9f931e9b7360cd018d7815b5f

SHA512
f75ad47bf2b79e18c0df0e6f10e9aad3c57f17b2b313293ee95923030f46832c7a83fea1c1394db40bc22bde0351a1a4189c1c41c42e2c73d94a5add6fa0be5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
63KB

MD5
3f2af740d397f15ec5e8eb7b506d0320

SHA1
831f8de7cb922b34907e90136286cd5c507a1080

SHA256
44ae783528b5fc14f3c5affea7b6d8b1333a0404712f6c3b3ef71173808c5625

SHA512
8bb218f6e7e44490623fbe05c50b07936b5c7eee7725a7156de489e1f69b688de643be3fbdf2aece30bc58c61591f3eb6b9fedad2932cd3889422ca1a31837b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
39KB

MD5
ae83a14b7efc96e07a3bbea9414d84aa

SHA1
e1a123415d469b9171618897668e11f84889ee99

SHA256
a5a9e054291dbb8ac33ad864c480092db5a428972187aca5708b23db63af4318

SHA512
af74587624cac31f7d59c4eec7f158cac9d38fa75eb1e5756a5d59e70390ce3264e22af1ddf496f7a2bdb59702d244e11c91f31aecb76b288aeb9f8f9a94bc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
44KB

MD5
1d8e749eb5024189da2c16ae6e52b9d9

SHA1
52e60b8b34a97fd655280aa02074fe8eafa077fb

SHA256
ef549df6b18a698721829b7966360546458357b66b90dcffcb963b0d2716cdf1

SHA512
9b3b09e18989b5c580da9794d777845e1a125eda734d08f2cc632761188ada0fdcd16719e1ebff546e38928133213d139275bfafa4b707752159d9bbba0a81b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
66KB

MD5
3a8c224b1cf69d788029ea3dd6eb2a80

SHA1
06ff5ef223ac8b55212a0dffe8b898ecc801535c

SHA256
e1329c747c233b68d3edc6b52748cf5a8f530496ef74e119d7ad5e88390e755b

SHA512
e4ce756230b65bcc09f38560cad3c33247255be4ab0096db76e1744c920e9a0a6be1b35775c8a999eac1ed8799ca83973aa8dfe05c6f983e94b5abae9e11f9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
37KB

MD5
3c2c9a079d633c90b39d534d52b00349

SHA1
f785abec45a0593f5fe64475d106beb598b8c98f

SHA256
2d096eab53bfec940174ceb8a39ec6db9be8c701f5e851ab8e9c121c88f7128f

SHA512
79827e8c9fa63bfc71b4000311488592e3ad1070ba02cb4f67b52e9e019562b34cdbb9a83e3a7c1bc21d95ba21030234031f202f9cf802a2bba2304bff7785e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
52KB

MD5
d8012bb897e0880ea46a01526d1d69d9

SHA1
f9560d31cf9eaeca1148410f7f4c90c6ed1fd9c8

SHA256
138c3cfb727bc4d239374810b9ed3fc2c1cc8e16cc486df9cb09a3da73c6d2f4

SHA512
773be30c06fb47e010ac05f9436640bb34a978e68732108172be53fa2b9d63bff022721aa27aafb78c4fe20541372987dd72be603cfa9bad5cb92540d2325375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
45KB

MD5
9d49a81110b52806c7b5e5b6ad3ff661

SHA1
ff47af503434714297c40b1b1103515f568c331d

SHA256
988714ec60e770b78c6c821ec45ddf0f9b6f6c7dd53b28c042bd2886f320ec53

SHA512
11889fce591fe4d998a0b674a63d6473625fb0b9356aa8023c83d3d9c31205036a1473ea44139507d26294d1395ad0a4c2a0648fc40be0435a17a650ced05b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
42KB

MD5
6d57d3812dd891720d3370eb254a9e80

SHA1
c98df40cda4d91c67280ecb03876b6a0b3be5e09

SHA256
0749ec3568f933d4fcad07fd28fc115cdfa3cae28552b752ee55613d731633bf

SHA512
469e6c4ebd0e6d44dd49776eebeb519967e35b4e3ae7a94ef78828853ff9f2263d45488eef8fa0f4740d0f31d3811e85f2334877c91c1435aa77fe4c90a0db54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
38KB

MD5
efeb86b58cc3ece9295665d23b19b0d5

SHA1
a0d1b3ddd9fbea5068b9399835c7ba3cd95a368b

SHA256
7408f8280b77ec6c6adb62e1d9aa4be11dfd0884894efd9f995c087e0f96f18c

SHA512
6d219af0e1865f1102fd325f083eb5ccc69eaa15769d4741c1ae4964fc83da6f81949431e6151850b1598619079f75630adb28f4d22d60e5de24c61fe8955461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
58KB

MD5
78755690e323698467ce29d4c0244143

SHA1
819749dd272be09b768765f0c104ac4045e13afa

SHA256
4928aea91df4f9cb66a7d5e9d6461ff2f3bdbebdcab43aa747a921152b051237

SHA512
3cba3fde23539a46b253c64bfc07a283a705357271ef2e95efc4cc72c7b4c0ad19bf8790bb564788b6322ae21791bdeb268238f0f60072dbc06daf7d9af83522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
31KB

MD5
79068a60eae15372c96a6ca8137ddf79

SHA1
ddaaa934740f4970f0c2e82d2c75a59518524923

SHA256
871ad0f701c3515a8b890225bc6d7b9d8b5200d0589e8a601b4bfd1684935e4a

SHA512
a42f295c40140a363059c1a0f74d2884c3226f417ad33eac6629658e25f85b9da59a00f8c983b11be1fb88e16298e2a592b92a05568546cd80796626636bdabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
38KB

MD5
30d600cc9931f3abf7f2231ffe683089

SHA1
7f25bb053559cab7dca77dac7da1c8f0adecaf1f

SHA256
2dc6a707fb48529d193169586f105f72c9bf7e11de7f158da20db9bbc1ea8760

SHA512
bee7e9c2a0a705479a7b735285fa4c50b31569041ba0d794ba742c28112ff210ca19362d4354a62829193306b2f58be86bb46eb7360b33ec388069c3a7ace9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
39KB

MD5
868cdadc1b624a183719a87d4e376a3b

SHA1
88314fb04e109cbbb81cd58361903d1052d5c7cc

SHA256
74dcda0668f2549fa1825ede31e61c4fad93d04f3a13d67343667681c01adf3f

SHA512
e17d76520582fc8176323dcac56702db63089f9732a7c96d6319b5b2efe7a5c68f0a3bb7d72f79c00f26a7cc11277649dfdc38fe1f965ea2c7333c6f2cab25f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
40KB

MD5
2c418a9358c78162e6c28624cd2a7d44

SHA1
c8a8f175443a615644533aa49bdca485aa335cfb

SHA256
bce30d5255c73156f6386f6eb917abbad396931249d94799581a8f2ab975fd3b

SHA512
c544799d17468b986efdc83b2e633a408fe5154a1e2393cfaad4a41c68f78b8367110304cea2878567c61d71a479383475e058522c10040383e0930a73caa096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
57KB

MD5
67c644f4df0524c5ad4683e0fd5f5348

SHA1
c4f4b23029740d330be4ebb148b12c8d7103321f

SHA256
65a0426c0ab31ceded0fca65e87c6f53c7e9a4f327068f55c77ea9678836e87a

SHA512
30e9711b5e04e9f456d4b3c62477583271638c68107b0ff5e74ba682fbbdebb3689a54471313b072205a89b3cb4d2698125abd304089d8bdeaf3ab033656d071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d62f54a9f132af6_0

Filesize
280B

MD5
9fd2b18d14f5a8105dd244069d9b60c7

SHA1
f2f438a0128adbcb1d4f7fd73f6c679ddafb4a47

SHA256
9af9ef4ce84ae4cc8c8cd8aa75e571178c3f28d1c7474a12db51da5f1ccd95e7

SHA512
eabc8f3bc79c1567b60f6eab3c6dedba52ffdef0ef51dd12648ba035805eac9e6c68b0ccb123004e5f324f5128e8bde26df636ba21fd0452d16db1df8a5a3e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\98d0f944ca12f4fa_0

Filesize
19KB

MD5
cebbf7d1712d3316168ccf2ae3e85d9b

SHA1
b7abcead76dfa9defff184bb11b534d4fa8237a2

SHA256
324ad2ecad7a960b3084a03ec8b639a69ec0c51029b29c4296f5f697b652738a

SHA512
00d5409235cb5143e9a26c0b886cec38833de33d8544f760d44eba390354213042ac179f549193c0578c2cc1bda344446e479810a913bd6c7e6415a6d2277b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0ff4cf7e7c30fa72178a3b2e452c347b

SHA1
c58b0c08d94b59d682c826c4cda997c8edf3c4e8

SHA256
3dff4ee830a12a7619a7f311a561cb6ab83275dbce1cae1a484e4aa3b7fbc7ea

SHA512
80a0930956f9240a31063d6dcd5ea7fadbd4fa1604aca6f6e26347a83f4906da7ee5b29e02194f0d35ab9ab0456b92c89b544d4ab6b82cd945234fd7740aea22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d3f0b48989c41cf230597a2f18cd5b74

SHA1
bf086ad14edd30e5c85c30facef00bf62cd5d6ed

SHA256
6c43b575bd7937ff6b1884fac9b878ff3355a862b224fbc1f55cebca45f3827a

SHA512
33885863db5ddf57de9360ca8f545b3a968fc5f8ee0341b8e51b131975c2a3770e594155feccf4294649d627d799f257ee3ada0af17f5c71752435efd5eaf17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
5c209aa42e427df3810e3ac27125a72d

SHA1
aa28a81b47d2a0708c8c5ce375e55d0990c57aad

SHA256
6c24a7a12fa42387d307c95f98828c0d5fe68c9239a2a9d377a0069b409c7fad

SHA512
c861bba25fd1b29c2e7647f9ea3daa73bfa1ed48cd64f0e8ef10837829e04d4a037deea75b4061c546a4f854f413f3019979e133de63411a3b2e1b0d6155562d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
6c7c5643512ac9e02e30ffcb1f1c0501

SHA1
157ae8836e8dd98583ee6055fdaa29fcaf5f3830

SHA256
1251c44a71abd04d90c1e0ff040ecc79abbea88b55b29a9ef42c377518f9913b

SHA512
96fdf3380cdc942796d065789cdcaa4c3c5cd4fee6d08dc8115b64a528c9fbd60dc52fd799267c11240a1e182347062107aba680494ce901cfe58d76de57886d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
3cfa6d890b20719071e5d2e832c09fe4

SHA1
8abc606e36f9b9fff2e095234eb42c5373082d1b

SHA256
129473aa4c43b69cd1142e3fb20d4712b203d94e986b5177eb7e378f5d557d74

SHA512
86d1282bb8be54afe68513577b0f239989aeec98e07f513f3cd0fd1d22b5ccebbda495cf0605006a02c592bbc2f6d26c68806a0dd26012a677a4f5ea80a9cb5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3e03a91a63760b75f378734c7f2b5ea5

SHA1
2b8b144ef346938f7aebd0d7ed7cd6c0f3888f56

SHA256
b368bdb6db02d9e5d24fb298d4137b8723280e0c57fbee88e30c97a5de74fdc2

SHA512
59d8ffb13895de8433598a95596bd4f9369a0f357d388fa37aad465068d0a6f84875908982cfb689091057dfdef58938dadf18f464fcbaa0696147aa8c2aed75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
a511dbc37efe1ec93f0e7f81690f370c

SHA1
9b0de488976161ac4da86e8e6e01d0d4c44d53a0

SHA256
9b6850fd81f32d724ba351bdce47cb8ac41a3fbc8ac19ef014944964bfb58da2

SHA512
29102e967594cad805a4448bc7f096a19668fec3a472e5412e18cf190ceb3eb643e4763c7f07449d98d83900ba3031b331428685b7d3a8248670ef8931fee706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
5bf2782d39058ec55de9aab39dc247d4

SHA1
b871440d81d4290efdc028d1d4f8faa97ca9872f

SHA256
a98cbb3e8b109a376c450ab84f733c8f12788f57fd7c9da50fcc9a4cc0ec2af2

SHA512
a47700701166e3b60336190c447d5f989de6faebc11d7f6871d99ed009dfe00277453c3b2db1523661d2d28ee19f79bf02f377c927649b3cf1d95fdd91661075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
f3c9fe0723f1af6da264eef0591c3bf1

SHA1
8be67ca7e4061b807b279ea0aea57734a5244a82

SHA256
1ef848771449942ac0fffcc8ac581e89e7310845527b43136dbe85d989015ecb

SHA512
8c7e8d044378554aa213e272f2bc66fd92b220cfec2259a4f8feccfa5e14b846239568956a309f9c46a8e38ea79d17da35043b6d6ee6fad5f36ca4c0c23e591c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
f5c9281bb68c537a9d452524a8c183ca

SHA1
78f773885c910762638ddde9ad02509387288d40

SHA256
58c000209dda9063ece50e47a9afc93807581675e2bc04777838761bb715781a

SHA512
c15793d32f360c71400a9a9764d60a9388a929fbcdb9e8bc9f175de162ef0086fdd951a0cdc309d13140991b5364225e65ec0cc9a9a1bedbd6cb2d239e515333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
9b2362f39d16b127d9ecb7638ddfc40a

SHA1
bc5646b884b71324e1623ddf6020b5268b371857

SHA256
47ac99f43745739b75ba2dd4606bad21b8da69e79c21e7530940a3bc28edc2cd

SHA512
5a2839fd326f25b6e7cc095e0c73c61418bd9567a2308fc7b7f9f69166b2d67cc6053f630cec2f256b2048fe0206325df7bf881cb56d96006f3363b0b4fe54c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dba237922a28e4829c2a5d75b22b8579

SHA1
f9bbaeb9e72f4bd7fdb6505d2f21a6644a004e1c

SHA256
c527636152293cb491dc6fbb13e0c1ec0fd056b26c70e2403d936c742a150bba

SHA512
786d49c209e70083dc6a606896b52d2c6520f1425c0e0cf16ef4f3323ca58c60c5964e92948818f2cff83cc222a92a54abdb09ce6c5a4c17b01da5439fba22a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7c96a97bc9cb4e2356ba867800b22893

SHA1
93dfdc5c390c492037a90bf764d759e094172cbd

SHA256
28e4266c50af7d1eeeae4e330efaf062f867eb7eae832c151506cf3f4733758c

SHA512
ded2446c3986a9ce262067fdc0739ee53bfaad8439a6afac2cb7b767be19598465a9a8bfe4ecc86a8a81d6ab82916b9ddff037f16e80b152f8ba7fe76f040610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
df402eda3d171dac23ee7f8ea3c73cba

SHA1
a0e915e9a7d1a2c95d1c8e4606676c491e5329c9

SHA256
5ef61a5d45a196c0af123d78bde95e073946419d65f0bf41cc950a577fb18b37

SHA512
951ee5ed745f37d17c94666054ea2fa8430f2a7508aa392859cb393e1baa62c4ab8b482492c29ce6914f7922a0de759f7ce50eb2f3c0f65198cbd9877b6e334d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
88d221059540d0fe4c1d57e2918030ac

SHA1
8d613a0c31e79a2e888ab77932efe68e52e5e8f5

SHA256
a9deb3d4f9bc6e794ed8dcff8069706db3f791ae46789451f48dafd336799d67

SHA512
fbdbb2d4f250bd6d52d36938b29ba032635533127b708eb2009d6bbccc839afbb507e956bca25016b526b88eb45d381b9de3bb177c86a4db7ffc4454c4946c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a0d596d8007c4cda4772eed07e523ab2

SHA1
c06861dbfb843d294653dcdecbc7abb746fd317a

SHA256
eca53f949cca09d52b38d0c099842c17279143acc1727f807a6aba4357855890

SHA512
ea9be5754f18f7eef31a6e4e66f43e50f5f77fac5809a13dbf74184ad6a11a5d11be96eaafeb7dc98d55819113efcf1c07464da479b52ffcdfbcbe895f57bfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c1895b5bb9b03e54f6c38cefe8334cf4

SHA1
1c188483ea8ac151c5a2b89b27b6933528702d41

SHA256
27a394835add08a279770b7fad6a9d4a83edea618bf9a75b26bb9737a8b0db59

SHA512
68a3ccff0ab9ad005f62cb290234b4823015012e1f9b350afdf8bc016cc0713bab0f5e3d3c9059a9da47960d7766fb13f2095d6d68d1d512f17df3ba5d47450c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
2ee3de7fbde3110185cfac8f32727064

SHA1
d951317827b32d81c4c66764e87a59da890188e0

SHA256
b02486044d4499f7a196fd4436c40d860fbb8a337511a3cb1d3ae933a279e677

SHA512
24d69d62ac605bee8d15c020d34f509cd7e441222df2a5ba85709484f43515f70f6d65a10ce66b44433153c62522f20ce09bab5d41064fd540b4a543cf76db4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
99f5119715528809373a4c46dd527bde

SHA1
b557b138975b3d0f01fe55993a07719f24f53004

SHA256
656e70f99cf6494c2000e43be8033dbcdbdb3d650a8872f1c8a3c5f1576bf041

SHA512
91b9a83fd73bf6bb73ba20ff6d02a17554506b850230ba82f376e3229f81bf6130fbf742d813ac2258428d6d46e08c031530e015b3dba568fff77475f4f8211f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e78059e2a5946c580d6df97a9247e303

SHA1
f367d48f9349c4c6980d73dec6fe67f2300687d0

SHA256
d0d6ef337d89781b2d0af983b18627d7fb8deb30703ff6086d95bbcdb8cc212c

SHA512
6721535d90e7835d2635dee1779741034e279fb4f4fe6808e485ee7f9f2c093c22069eaceba67d2241e814ae833a2015574cd1d426cf99b7a56446101ee9816e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b0e60ce691f9e490ca0846464a16ded3

SHA1
505d45b7e493909dded588bce5668d10d3b7a898

SHA256
fe69c218c1c1ec715fd630d8e04754337cb50cf2ced9c91c9701e1d70bf6a136

SHA512
62c7e7d6da6e21c65327ad733c0185d41fa7e5ac727c7aa13d48fcb5e94e79ebe4c90b20d33ce6a6ed70bc2c3ff81aa0dae18a4a410d8509a17c62ef095deee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abea42129deecbcb9daf3d8b0108c3b8

SHA1
352275c38dce3027db95240790e04ed6e1cd99e8

SHA256
dd372f1b91ba02bde17bf16415fa8311add85e6b3c95d3482d48f6c6dfabe0d4

SHA512
3a8a56102f2cca11b3788fa435b16e9f95a645faa70d4a0e31ecbdc93e0d9ab93b8b2ae633a3c7656cf75668d78f25bd8f8b3c920d89f54e774463db33a9aba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
beb0acfa4ecaa5710abee729e31fb795

SHA1
e8fe9ceb540345fcdfa83dfe10c3e4511d0cef1c

SHA256
6716965734428306022a61f21f33a2e2837fe801b4b937705c9107fb6fe11e9e

SHA512
febd533932206f4ab10db0727ac3f2b691569bb28e45abc5e3f9bf1beb146d69231ffdfc691582de58b8a5d2855d03e99ac5e0689483a19fed44cdd8d20d7470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a022ab5987f495eacc36ab85be1e756c

SHA1
ab02d661bf1ad4b76cc3674129f3c6bd049b3e25

SHA256
95377feb9fd2234d62adfcafe3edd5ed721fed33e8a0ba5b275b31e4dd066082

SHA512
a46ffe7a7ebfb44f4ffbfe7747aac7d6d719eb88c15f05e5b3915b10dd5d85467416abed37f4c32c0350bad12c10dafb708d6ba062d66017f40d4feb2212325e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
976ab239404acada44a978000eb88cf3

SHA1
f4cc7f8687d789bd456f639cc71425d9d0e72540

SHA256
5dd19e51a77bbde968ceb4ba6deb7a65677dc57673fc6fa9b73fe64b0fd9add0

SHA512
dc3f36e76199c9d76a7749d1d37998e1b3c5cebd7fa4241a3182776f364d2de8d246c8c5a41ccd58069f959de42d602099c9ebd94099b29f56fc65d82e225501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
407c52f488f30c6f487e32ad84ec2b19

SHA1
7e6fe76870705877b384a201f2af3218234e4160

SHA256
65b24ca2fe5807f2af240d25dff1f93f3175f79546929c7d7ed7fc34abe40516

SHA512
35f227d8eabce82e6e07334f4bf553e0887bb8fbbae31165522991377e116aa2f694fb7f57b9face4e910a16da5699a4ca31a5f6d7fb0f22f13ddc1b3de6482d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4d64c279e1590371d79208ee76b70c8

SHA1
2f8fced44cfd0a72bb98f4e63e7170f5565c0655

SHA256
ef7ba33368a790b8916e13b407dc95a2f3d7242be169140a343d6601ae590b7b

SHA512
bd6ff641274e311bc15d41ca7bc2aeae7bfaef9a2662997570d928052055e75adb985c3202018814125ba6ac0c6f24e2cc45ede348f78e76a0b3900a47e7429b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
784cf585f8f74b6281db590e443c1c47

SHA1
4fed74b9d1a90103eb7d23cfbc7bd5cfe767c039

SHA256
81a82f3c5818f5b19b7e0623a28c514278b6fa8cb0e3af86759d47e33b6b81e9

SHA512
a21a47f9edb73431e2759426c86eab2ea9229d05aee55a8e12d4871ebe8d2ff15f894649defd9bc8f177463fb3c6f0157e1900c8324c2c06b693912d621355c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d541fbdcff907df17c41f68106011bf9

SHA1
ec9f2cf711d171197fcddf6efd27c36429e228e6

SHA256
c77c5607b04678a77f2c7db94beef92a2d4568d14739f21ea73d00351871aad9

SHA512
39a6c3e63b1790feb45c30be978cff31d1b837e673f6e0fdf72f7b389cbee89903272dfeca0cbcee23b70ad8177c133cb293b61cad92af6a3b58160f8c89c932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
267a0fe4772e271a9d1e5d131d1910a7

SHA1
74f37375a2323453ca8d23090f02978863a2e90d

SHA256
c2bf08f1a69d0718ae25ee0c91a48a0486b757944b15f4de713647f2d4ca8c9e

SHA512
12d59a0cc163621dcd8528a300c05be71835c80033b737fac222b7d0844a79f4b3f7d4716eb261c145853b63d05607059af1e91b367a317fb20b6af45f62c803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47f5c79d87e7c0ff8bed21b37c5a2046

SHA1
2055121ed6a79a16e94155577e23ef54b4b39e70

SHA256
2ca17218ca7926a741511763511124b527613872d5fde9cb819ab359e721249c

SHA512
8b28e6ad4de733c12e5fe173e4d0c859319ae6fdee1c1484e71c6696aaebd194575d189821d90888f724b536222c270330a434bd22ee3a2a449b24be7f31bcd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c771f21742c02cb6bec217e54fc86713

SHA1
1a24fc65ea9695964a0b321f9efe415ab1d4d77d

SHA256
df34b2be96df71d6f50bec85bde43c664a4587d844b31a45e944f13d05efe186

SHA512
2e33084fd502500822b8098dbfeca97ae6a50feecef6ea1d27c85ace16247638509cb4d824a16054319559fc50f0ffcebd45d65e6f8638bf636be0a5f759c3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf5cc4bc331a9bd5c1d764c5c8e71ef4

SHA1
a9557e1b5f8018001e664b9c4847942a7004bfd6

SHA256
9da8318ef798a12d935b38e4db86d15fb307939bb9c83430e0dd18d799615b8f

SHA512
b4a9266ffe6b8229321a7159a400cef574f2c8d25cf9e981ba059d1c9fac39ddc5db3e905ca115901d5715a454744fe5f7bb211e696868f29d913ca30304e903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a3517631ba46d41d07e933f53d47c33

SHA1
7bdf44cb126457093dd897ed6ef74a447c1eb70c

SHA256
8a9feb202ee348cdf63ceec55fe38884a334d0f3cb3d2479deb40ded49dfd8cf

SHA512
1c74afa43dcc27277e110a7dbf490dbfaaf50aba17556ab3d9bc0a3224c280cbe7b6b06a7bf42699f7fdcfcdd9255fee0c9376509fdadf17849b317cf588f96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f4c2feb7571c5b797c1d8680d49a450

SHA1
c19b878a7332c1b9438f18b125c194431a798d29

SHA256
c02601d31f38920dc1b1cc47d8471864540b25a171da896ff2845818becc430e

SHA512
698f438db1f52a2a5e1262179e47b32a8f35741059ca7aa5acca2b9dc18664fe95ed3d8ae93fc40866dbdd8836626de18dcebc95cba32d956df2900c657b6201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
929887f76728648a66d5a642b4c07d49

SHA1
04163d6fb121e963132eb97cdc2f4366ca5fc12b

SHA256
ff816f8254c3caf6e3304b3f9b36dd04fd680bb1a7f79b8503153527006fbcc0

SHA512
73272278d558b1f416ba288f147f1234125c6835053b3f8e38d39bc5de53f6f8f11e9596bb860a4537069c0a93a5a8b07d05127ffba1a6b94dd6c94d5ce3c28d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3262b30127beb9e82d0cf75016df505

SHA1
31c12f11790fdaa1cf7c528f8e2353258a0f309d

SHA256
31bb2bbf36591592b183ef291f4960f187503733afab761507d34e6c7a0a58d1

SHA512
6da725e2c2c9df2c09b9ebb0ff4e2566850a8df9925f143f795f27865d9bf2bc9411849e37523825b59b464bf53de271adbe280f01ff7d323f30449cf603fc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac033a6f4b202ff3331a98f3204e7036

SHA1
4e8671c7fd14d35e0547a3358ffff3dec85f2ad1

SHA256
d5dbd0cbffb60216526090fadd16d3ef33baad1455dfd9342f5cea81eb4eeb16

SHA512
ce97b112c0b0d84d988205c84fb0c9b8d65303cf59a3ea68a608c25c01bc147275ef0a8df2689c782274a0b2db2adfdffa02c839233c0bea3f3475770ba216ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
36eeb0e22eb3a0510446cd216f8ae406

SHA1
686b3d1a66d3602f34897be2d2b98a57f8f923f0

SHA256
5bd357086631e96e7823ecf785ee247480a87a07ceb9b29f5fb3001036900ad8

SHA512
a0b3fe9f776c8487e63119ab258a5b1cd9fa57563fd6425e3400111a73b526130506e82fe6e8fbfe20b375d630a9fa907997a0faace79aa056220de1b402849d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbcab1fa15c4f6353f8289d07532e7d0

SHA1
a459c8592f1e9767a3364eed660928fb99079f28

SHA256
d0a4da22a3e25d1125b9564d68a556738e6b5d9ec9862bc5945acea2237de222

SHA512
99ad49ba708f6c8873151d046dfe72c07ae263f6a9f37a3cad5cedafd5afc0cbe1a5f384736155a621451b8042bd133516a235c2805a50d09ae4c18258147ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
75beffb2470c7fa1f8405e416b637f2a

SHA1
05e6c95ee19a6cd7ac52b6201f7cf4e85dde58ba

SHA256
2619afcdc428c3677bdf347ac17983eef0b6d791d87a316f16a86595cbee0007

SHA512
f9e73c57bebe4acd995e9808793eaa908d9f1d99958aac45bcd0f59b923ea34d1b7cb0d3a024764a0d061669c4748acbefeeeb0225f2de1a3a8f831883da4cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
507a4c5c0c3ae8cb1169be338dc3f496

SHA1
70c74f844404c0e991676cc15b4c001fae985dd3

SHA256
22b80b44538257497fdd32c8763d0a92df8e3533a03c463d40190c362019e073

SHA512
14f561251ea32030b979cb03e6caae1f4487b4eea90ea3c5c0b304536aa0ce8ed57f9e26ebc3af8573abda3d955603fe5214d9ac884d63c8dcc04d10554b496a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a85cb41a6dfb43870eb38cdb8795dff9

SHA1
f9b113a637d01807738805ba9aac9ef39eac3127

SHA256
8eed859a7b4a88f367818aba141aaead271403421b14d407319513e862bd624e

SHA512
61b1882e085476b9084c2a9ab9171802311f9457e214f57cb1f82722b9766da6c42f65dfb6051a21cc195dd72785795f57463a922c74f4c027b344528acf5e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c9e685bbfc243af7a31bb36e4367548

SHA1
de98ad1f8e562db97ec35924d5a5d7511f472100

SHA256
4ff26955c2096d6a26461e84d06fc4034240887b53fb9ec17c37df595f734690

SHA512
25dcb8fef6fa2087ad3e1c6e7e8ce4d26051cd93889fa9f19b9d297fb74c381818535c06f8b82c2750f47032f7a08f98cef1a95fb44317cd075613e543184d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a7cf2448662e965b1e4862e4ea4c15e

SHA1
9db41b62558fad2e884efc5f75624937a3e3f15d

SHA256
e8b078c36307aca05fc491f7fda2a285eb7f641c698dc21496766a7f939c1c15

SHA512
b4cc3216a8c25afaedc60ddaccbcf9ae186203635ec91c7a3d0a5d87ac12cf45943d9d5ff4e95ea6cf22509650e12b6114500400a22cb6afb306b4848d03af55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
81df1741b921eb0f2d2c15b787b4787e

SHA1
294fa3d12078ce6db22742d9bd316df19b66165a

SHA256
455281050ebd7651fc6718d725f335fb39e7989f7a0c89bfe17de92a51e101f7

SHA512
164409e82d88361152fb9f8656952778a1639b446562dffb4ed03370fa39b08e95f3c861a511deea7900aef0e26e6c19c62d0091a705ab2f314fdd1a6b761423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
7f192a9138d88677d7c5dda737366904

SHA1
5e2d4505eb1d759ce3fad08cb2affbcd40c384d9

SHA256
7292539163c53c20d8985084083faf473ba1a9981e968866e1c7777870569e97

SHA512
2cc68bbad2875d22c57dba38a82dcc2c6ab466dd5234a643d4a2e97794c7d242026c42792d3e10604c2a592ece97f0429da87b4f7c4f0e24da80609729672405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
55d495f4be67d6892a2d235a2f70b86f

SHA1
864bd8e95712dd435ccba4b9c0f4c3408092fcc0

SHA256
b86771d50313f161c02b3ac125d657623cbe9f8253e82d98f84529ac2183cb52

SHA512
ced8385d042c5463baeba15e99751b3ac33d1abd200026097e9230115213c952cc0a741fb99032ae2dc263df50d26b1d29ee10d0545fca04b64e13ad3de0806c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
71ec55fe5eb941780dc05a254829e1a6

SHA1
fb9e5681e51e2a94396ad468923c3652798bc5d1

SHA256
2cbdceb1fd29d551a7436981dfb3ecb2953832b93360bda60c6f893ffc9c14bf

SHA512
575bced399fcbd09d1b3d459c5b36b377cf96c954748583a6da193353b96375c96e8ae05ffd54ae18c59e0fcb48fb3654303ac1635df98b4b7928bc43a11b278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
b1d8d98d48803d830ea6c084a0b68feb

SHA1
89ee6bbf887cb0d7cf4ca65fa76a7646b9caaeee

SHA256
5e5dfaa49906673ebff964c724e09f41a92b92c8078df35e2a59a2472a908d08

SHA512
ba20bd3c48784681f72ba6041d5a2e8a66bbd79af4150caa161142622386c802f775ebfe99e394f19478fa0d34cc64a832737133a827c0404aabdf2d2fbe4d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
56f03a62c483e8a9a0c03304b120769b

SHA1
4f18eb6715975e1981260608cafe6eedb5d994bf

SHA256
9d95a98cf8ca32a442a3205354e398d12d20fb8f41bf1aa590039ad9f321d784

SHA512
db4ddfc5b541f36daa43a21a64fb6dd477223eb8e30fdf18d2f580b4b7d3230d616bbab538484d37ca8a7bc13ee273229466c2706f7b046c1fb87c57ce67a157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
cd3dbe009651d342debdae81880718fd

SHA1
cf47cbe380ddd5c54d86aadb2bfc2fd548ba2e5e

SHA256
1085a36039fd7ab3f317bd23f67124ffb767e4a68557b7aced5227f3b5d93440

SHA512
96a52b55ba0d462dc17e650dfe3b7722b517940313568d708ffddf3aa3a1bc343676719e3b9a5aac7c1602c0ecf0ab12ddd78b8ef2824fa09ccbe37b99eea193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
48ce57811241c194de43c48fc0c66f8d

SHA1
9ac285b94b41a732ab15f90782e0ce9295ac455f

SHA256
2a8e8adb3396b3f6ed7f0bf5cfc6e99ca10e5707b7badb40af65d095a79b703b

SHA512
e393d55876beb5f58f4bfac708de22f8f12607fd83258bab1d94ab3b0f348049102ef721aed231539f6f9c99c220681db771a58eaf42678d35732b4b5ab27bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
886d8f1012d0675b2870295471b2bc2e

SHA1
18cb25313edd827d5549be7581cb185bccd9f4fe

SHA256
f1909774bd2206ce47c433aa067472e54a1a02645160ea36f8d42c98c5e7b22d

SHA512
f271a6c106aec213bf334d34c16b8ce30bf6444feee9cd7288bb272fd63ff99d9813d2bea75dbe490cc1e24d73e24f5d0910a7cd5ece1746fc14112117dfe757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
01d869e8feddcda111f529d359f55e1b

SHA1
6e4335543c0808f58350ec53c02e15cb02d9943b

SHA256
5735588864b5dabbfcf0ee634ab947c871c73109111650890076aa94b76262e6

SHA512
164508957123d1df9fabcfc2b535c20fecb3c6324f79d0b7720a41bb5516d857490ca844d288283f4b60ceaa7ab82910d89d65bb1e98d0508b8e6bec6e902ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ffb871143a0b4d4cd6bc335c940dd020

SHA1
93468da86cfe5dd4b8960bf157d35d52f513b2e5

SHA256
35451c3f51f46d7ef47170298cf8194d1ae2e17005cf1c2487a40aab2e0c9de7

SHA512
d8cec1228fcf46b7f50a46c62c4668a71c0f4f37c531ca8f28d7803035ce1ed50f82a79810cc3f46f2a9b8d1bce83072343f80f42d4bbc702b25c77cc550b8dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
94571a547a2476d0786bb8d8d6572e82

SHA1
176d7f0b732c79eb4039dc11565bf662e8432a7f

SHA256
f6f3bef1f93c58f85ec508965486033440c44c1a95bdff0d6fe8e9b9ec2c7213

SHA512
bd2f6d480137fd67ee41aaad81a3b21a4209b85f75e30a1746721ddc06b9e25c9a08f79fb70bbf2266a0293178476ca786c991b5c5431a12e331d7eab1ce63eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
94a3670ae7efaf4d3d17096064dff19a

SHA1
273d5cbf137308fd1c6ed311a92772f6bd341741

SHA256
d25c445a6b824fab9969f13cd36961aace7a83bbe8140611e9ffc77e6d35b38a

SHA512
a36c205da8111c09fd1874d25fcd70b208ba74aa6d510cfa276ac35ce122eafcd62827e13e483b6e082c2c7b8f09dcd9bd091f2a0d0665971832f877453e4b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
451e954f6a0beccb44fdb2af8afe9179

SHA1
39cd90f955b00c212fc49157f6544aeac4e19f24

SHA256
23909d74516860af80c5258fce248438ee665e96749cb27330c3145eaa1d3023

SHA512
5a5776ed4a0aeaa167a384f811899635840dad7e2c0ab9575aee538a446561ba31be48257b086448070adf5ba135979bca3bedf81ac2e436506959c1bf92f22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46dc5967554fcfff8455abee3dbafc9e

SHA1
210e69b97872f6336f3ff271a0c9bf0b867c2b3c

SHA256
dff1974343c22c045ad825a3699f86f0181db94deef1c753f57eaa831c154e4a

SHA512
eb7d5124d536b6652e53e16e94d8514f1fa2d30099f58193fce5555000a7a930208507f070e921fa015651c534998170c83e07ba4d5b97f4d28d77c111b145b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a9331637302a879ce6ef70b8c8da7206

SHA1
78286ebd6fd7b0381d2a50a3ebd3bfa9a8cf2077

SHA256
6c706e25ff96c91b628cd4609687d58d8bcfb691bc9b76f762ca686bb7f4d477

SHA512
ef87f4273d8df97be8e98c1f71fc76a6d7ed2717af972528e7539550034d52da5c046b22e038867031bc7c35e32ccba95ca9aa35383645126b71bf5a01c6ab21

Download Submit
C:\Users\Admin\AppData\Local\Temp\30fec0ea-1666-4ab6-a7e4-bd63020cc5f6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4924_238891408\10c432b3-43aa-487d-b749-c88c28e68203.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4924_238891408\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
73494e5375563984bbcb242dafd54fba

SHA1
c4e68f5f20f1bdde0d0738889f7f3dbead00596d

SHA256
24262521fdb525d93db9eea8b85e2f09a92e00188d1f5535cf43dde3c2e36876

SHA512
3bf50aeb6993140dc6262b4c47edc760e699adc7588c471354e5c16b11dd03f2c8e64045827f915208ff97f762bb1d014bc000ac5a9ce84beff86db587290cd5

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 538438.crdownload

Filesize
916KB

MD5
f315e49d46914e3989a160bbcfc5de85

SHA1
99654bfeaad090d95deef3a2e9d5d021d2dc5f63

SHA256
5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

SHA512
224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 824479.crdownload

Filesize
1.2MB

MD5
06f058eee50645758a81e8842353f372

SHA1
15e9010bab33f1733ea41b7c45d2da5d74ed721b

SHA256
854d06a90dab54e7b69882925886fb24be711fdc21884e13c77e29048b21a098

SHA512
920d5b6b902a742551dd0003c3feab430c3648a36850ceecc33f5baee365bf3f938420f80695618e1ef604daf3e215112938a57f3a7f6420c286ec430e89d817

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1061505623\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1156822317\manifest.json

Filesize
76B

MD5
c08a4e8fe2334119d49ca6967c23850f

SHA1
13c566b819d8e087246c80919e938ef2828b5dc4

SHA256
5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0

SHA512
506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_136806126\manifest.json

Filesize
584B

MD5
bf65a4224fec367166423812dd35a0bb

SHA1
d7a4d5cee9092f4d208e6a24e0ab02e6cab8e73c

SHA256
3f27cb27ac7a383bd20010078fca5c9db522636c4e9a33245d40bcc33cdcc6be

SHA512
07a42dd0d469cd694923e9b3e784fe66b21c6e31316ed22943bfc54b1778851bd6064361e8a9f73282d00cb28b73b714ead1d55aeca2fb5d1db6c744a2fcb74e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1384447834\manifest.json

Filesize
578B

MD5
54cc165ab27365e538f3533f7409be30

SHA1
1c40d83bd08b989503d0a57f206f656f400d3262

SHA256
b6a7e27f49bc6ffba7cd4d83f0122617907f4310171e5fd4aeb84c02d855e0c3

SHA512
e1f51d6eccc862f8331a2018164b551977f804f1e01908431bd53d82ccd4faa25dfbc65328857c98d63ee521a6dd886b325cce28787a1afc18e9c3bd402dab4b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1454991225\manifest.json

Filesize
546B

MD5
e8a231cd05616f1d1bcf0cef6908284b

SHA1
a7a47b1bcfa15545bf134d28c1c61baf8b2b0038

SHA256
df9fa32f3d7fc940b4d9f1c42b1d604d0351422fffe997fa6114862f9a502c29

SHA512
d0240027ba22e9401de4cc3e9fee64454e707ce6d3b9d6d10b20b68b838a5f317fc74e2a8c62e5809a0126dc111375f6b7a5ca95b672787c201ea0e9bf826450

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1500486209\manifest.json

Filesize
564B

MD5
2efa37b5105fbed3014a7be8963dc2ed

SHA1
a03fd940871c3a99836f8f1c3bb2edb5e5a32339

SHA256
9961547296bbc34112d1c852fb61ada201f87230e56848c17af3df54ef8921b2

SHA512
9b0b86e7c110b5d076d67eca5848e1847a8f04de3feb4a4c71e1d00724fad701b0b0cc3f7dba7450ab3392da4ea5e2353ac9f263b81a5a186b694b5a162db69b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1611004662\manifest.json

Filesize
592B

MD5
c0f5c90aa7edaf47e04c1519b516ef13

SHA1
f15c269c617f7b115ec969e311a3028e8f4bb1c4

SHA256
6a035cc61f3fceedb5015966bee15f2bc85c1aad9fc6ee342430844de602c8cb

SHA512
5de77f58ea801eea9ac32803ab767f3b50b1f1d7a6efa211de1f44c11d0540805efe360620fa548606903531e0ff66f61519026077c8a58df23149250908e180

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1689277430\manifest.json

Filesize
73B

MD5
d0d700d97af7329eba4106663e78eef3

SHA1
3edda685dd4c1784f4367145b4bc33c0931a3f52

SHA256
e8d45358e5cf9c0d78c905f62747c374e28c0b3104fe63611f795271d68213f3

SHA512
28c97cf9009557bdaba19edad046bbe1b0dc6b1c826402beddaa19412bf854fef8bd58f9faaa5091bcd43fa55c65bb69cbad9d2b9b222185e6a3cecddfd3650a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1707901821\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1778701037\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_1821750539\manifest.json

Filesize
111B

MD5
fecba6c3128a97f09a1173779924be7c

SHA1
41645675ff089fc6059bbe1ed4b049502241e7fa

SHA256
7ef57c6645a8d144047d276b5d41b153c4dc63cf3627c32db018ae64b4e6d92b

SHA512
c1193abe0bb4a9359e8e73332475995bd042149f62a67e67d37549993c7130589db809c53657abb7a0f9c518f975f270debeaf7fa70327a81b8bbee233035aad

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_2084438679\manifest.json

Filesize
533B

MD5
42009b4dd959e3bc13f18be4df9274fd

SHA1
587ae3aa747b57ee96f44ff231efec1cc594dc97

SHA256
c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92

SHA512
6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_349465931\manifest.json

Filesize
595B

MD5
b87180b7b04d741e100e0d2a5589ecb1

SHA1
d0445445d423c44d1ae950f30408c4656f840565

SHA256
13ee7debd288fef765e19ea48d2fbcb08390b9d873fd507c0c41c2d16aa5a540

SHA512
d3fdb94e12059f834f87fdd161a10ac4da1196ae7102498899dc65a979613ca0dd25a45b2d33aba14d6e2b2c09d9e9c7fff253e2d73ab8e3fe002d37e94e6b59

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_366784878\manifest.json

Filesize
558B

MD5
f2ea88c3713fadc1cb2f57ffc5f763e5

SHA1
203adbd539223c4ea2c2f0a549dd198d46bda233

SHA256
3ecf70ef4593b2d7ff9955f6f62f656b1a3957b743972f1b615c91ad8b4acd62

SHA512
32b8508cdb2b650abf06c6e1507769cca8cbaa99bc654d6ad528872aa1606bb66773142029f78353798c1ea73a4e2ade7c76582340b85206cda0a3de857dc212

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_42204557\manifest.json

Filesize
108B

MD5
54fe5b510967a920d1ea789be84feda6

SHA1
35c9a6f3ccabee0e1e79248e740d0124a81ae5d5

SHA256
f16740e1d0d02d2921f777589d1d81fa1843af65b3854fb5286e409ce9d27baf

SHA512
f4d1a9ebc785cf9b27612c03347b0a0240412ca460ed078581000544f6ac607f4b46a4b3c34e134242fab37e5959522553c60f42b656d36844f7fc285d09a003

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_428594284\manifest.json

Filesize
95B

MD5
bb821c7232f0a147003061d151c6f84b

SHA1
0ac9f760b86e8af0fbef1d3b8cb7f09a632dc910

SHA256
a2f7ab02d50ae6ba146304c9a4640d4cce351446a1bc8c9f6a122abef354f188

SHA512
87255afc4cbc4d3b92cae9961a091868aae4d8ce9b89c2342dd204a25f7fef30abc3232a93cf5711f2534fea3b1f43663f9b30a39a332b3db24d491a606409cb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_632437660\manifest.json

Filesize
107B

MD5
26c7e7fe40033b23fa11952e14526a43

SHA1
e905f18aea8a40b4c101b0d442c7d4db43462673

SHA256
b624989d48bd33dfb41f0396f6d61ceea585715a56b9e0415c3cbdf4a00e1c97

SHA512
d2b48c94d08780bda219a5dbbaea22d7d99377d26e937405c31aa45482809cf3aab08d3318b154f4bbf9b484b0dddf74f840ef746c16b57412adca0aef08b284

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping244_679321945\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5976_1520331007\list.txt

Filesize
1.4MB

MD5
413a21463fc9a099002c631d17cd7cb5

SHA1
876e74c6c8bfdac7e8c17dfd1d461b0526e8c1b1

SHA256
5dd3860fd4009699c5b713491b2f68bfa1ee7b040d2e01adabeadd2f5bc7c022

SHA512
8120bcb011bf61ea0d6cc7ac840b544b5d0f32a6c11499de6ae885b5cbc777cc440b676a42f6b52f4fdbfd58c0ae66d6569844454dab85a51dc25e2545286faf

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5976_1520331007\manifest.json

Filesize
578B

MD5
2875fe113be6756f313d12befe11e4a7

SHA1
43473a6ba7d826df2a38ad6989625af8cbb502eb

SHA256
a5a3e45ae8b6fbe9203a80071c7249e64c6157fcc1f5122d9be841d5bcb32327

SHA512
14a54970b2ebb7543aaf7899b9c19d9c9e4652272f859681e899d2243d37f9a841f54d0a87a3c546ca5376bb83c76e0c8ad7e961804df2abf79405e287167d36

Download Submit
memory/1476-5471-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1476-5473-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1960-4421-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4431-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4420-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4432-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4426-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4427-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4422-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4428-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4429-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/1960-4430-0x00000215AC5E0000-0x00000215AC5E1000-memory.dmp

Filesize
4KB

Download
memory/2204-5459-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5457-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5482-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5479-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5476-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5468-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5465-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5456-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2204-5458-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/6140-5243-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5248-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5247-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5252-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5244-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5245-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5251-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5249-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download
memory/6140-5250-0x000001A7022E0000-0x000001A7022E1000-memory.dmp

Filesize
4KB

Download