hxxps://gofile[.]io/d/YHZWCx

Resubmissions

08-01-2025 13:44

250108-q18hrssjg1 10

08-01-2025 13:26

07-01-2025 21:25

07-01-2025 21:06

07-01-2025 20:29

Analysis

max time kernel
673s
max time network
679s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/YHZWCx

Score

10^/10

credential_access defense_evasion discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe"	MBAMService.exe

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 5368 created 3228	5368	MBSetup.exe	52

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.104\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe

Downloads MZ/PE file

Drops file in Drivers directory 7 IoCs

description	ioc	Process
File created	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\mbamswissarmy.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\MbamChameleon.sys	MBAMService.exe
File opened for modification	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe
File created	C:\Windows\system32\drivers\mbae64.sys	MBAMInstallerService.exe

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Modifies RDP port number used by Windows 1 TTPs

Remote Desktop Protocol
T1021.001

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys"	MBAMService.exe

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mbupdatrV5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	mbupdatrV5.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
2788	BraveBrowserSetup-BRV002.exe
2952	BraveUpdate.exe
4412	BraveUpdate.exe
3248	BraveUpdate.exe
1040	BraveUpdateComRegisterShell64.exe
2892	BraveUpdateComRegisterShell64.exe
4124	BraveUpdateComRegisterShell64.exe
352	BraveUpdate.exe
4668	BraveUpdate.exe
1696	BraveUpdate.exe
3912	brave_installer-x64.exe
4884	setup.exe
4920	setup.exe
3768	setup.exe
3708	setup.exe
936	BraveUpdate.exe
4592	BraveUpdateOnDemand.exe
3340	BraveUpdate.exe
2996	brave.exe
1344	brave.exe
1328	brave.exe
992	brave.exe
1488	elevation_service.exe
3920	brave.exe
4508	brave.exe
884	brave.exe
2304	brave.exe
3832	brave.exe
1612	brave.exe
3340	chrmstp.exe
1732	chrmstp.exe
1912	chrmstp.exe
3200	chrmstp.exe
4880	brave.exe
5448	brave.exe
5472	brave.exe
5504	brave.exe
5532	brave.exe
5544	brave.exe
3380	brave.exe
3416	brave.exe
5792	brave.exe
5808	brave.exe
5668	brave.exe
1624	brave.exe
4224	brave.exe
6052	brave.exe
2588	brave.exe
828	brave.exe
5184	brave.exe
5744	brave.exe
5368	MBSetup.exe
5860	MBAMInstallerService.exe
5944	brave.exe
3220	MBVpnTunnelService.exe
1244	MBAMService.exe
3532	MBAMService.exe
7944	Malwarebytes.exe
6592	Malwarebytes.exe
6672	Malwarebytes.exe
7172	mbupdatrV5.exe
7640	ig.exe
5892	BraveUpdate.exe
5908	BraveUpdate.exe

Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service"	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService	MBAMInstallerService.exe

Loads dropped DLL 64 IoCs

pid	Process
2952	BraveUpdate.exe
4412	BraveUpdate.exe
3248	BraveUpdate.exe
1040	BraveUpdateComRegisterShell64.exe
3248	BraveUpdate.exe
2892	BraveUpdateComRegisterShell64.exe
3248	BraveUpdate.exe
4124	BraveUpdateComRegisterShell64.exe
3248	BraveUpdate.exe
352	BraveUpdate.exe
4668	BraveUpdate.exe
1696	BraveUpdate.exe
1696	BraveUpdate.exe
4668	BraveUpdate.exe
936	BraveUpdate.exe
3340	BraveUpdate.exe
3340	BraveUpdate.exe
2996	brave.exe
1344	brave.exe
2996	brave.exe
1328	brave.exe
992	brave.exe
1328	brave.exe
3920	brave.exe
992	brave.exe
3920	brave.exe
1328	brave.exe
1328	brave.exe
1328	brave.exe
1328	brave.exe
1328	brave.exe
1328	brave.exe
4508	brave.exe
884	brave.exe
4508	brave.exe
884	brave.exe
2304	brave.exe
2304	brave.exe
3832	brave.exe
3832	brave.exe
1612	brave.exe
1612	brave.exe
4880	brave.exe
4880	brave.exe
5448	brave.exe
5472	brave.exe
5448	brave.exe
5472	brave.exe
5504	brave.exe
5532	brave.exe
5504	brave.exe
5532	brave.exe
5544	brave.exe
5544	brave.exe
3380	brave.exe
3380	brave.exe
3416	brave.exe
3416	brave.exe
5792	brave.exe
5808	brave.exe
5792	brave.exe
5808	brave.exe
5668	brave.exe
5668	brave.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	MBAMService.exe
File opened (read-only)	\??\G:	MBAMInstallerService.exe
File opened (read-only)	\??\X:	MBAMInstallerService.exe
File opened (read-only)	\??\G:	MBAMService.exe
File opened (read-only)	\??\H:	MBAMService.exe
File opened (read-only)	\??\I:	MBAMService.exe
File opened (read-only)	\??\R:	MBAMService.exe
File opened (read-only)	\??\U:	MBAMService.exe
File opened (read-only)	\??\T:	MBAMInstallerService.exe
File opened (read-only)	\??\V:	MBAMInstallerService.exe
File opened (read-only)	\??\K:	MBAMService.exe
File opened (read-only)	\??\V:	MBAMService.exe
File opened (read-only)	\??\B:	MBAMInstallerService.exe
File opened (read-only)	\??\E:	MBAMInstallerService.exe
File opened (read-only)	\??\H:	MBAMInstallerService.exe
File opened (read-only)	\??\T:	MBAMService.exe
File opened (read-only)	\??\O:	MBAMInstallerService.exe
File opened (read-only)	\??\U:	MBAMInstallerService.exe
File opened (read-only)	\??\A:	MBAMService.exe
File opened (read-only)	\??\S:	MBAMService.exe
File opened (read-only)	\??\X:	MBAMService.exe
File opened (read-only)	\??\J:	MBAMInstallerService.exe
File opened (read-only)	\??\N:	MBAMInstallerService.exe
File opened (read-only)	\??\I:	MBAMInstallerService.exe
File opened (read-only)	\??\R:	MBAMInstallerService.exe
File opened (read-only)	\??\S:	MBAMInstallerService.exe
File opened (read-only)	\??\N:	MBAMService.exe
File opened (read-only)	\??\O:	MBAMService.exe
File opened (read-only)	\??\P:	MBAMService.exe
File opened (read-only)	\??\Z:	MBAMService.exe
File opened (read-only)	\??\A:	MBAMInstallerService.exe
File opened (read-only)	\??\B:	MBAMService.exe
File opened (read-only)	\??\L:	MBAMService.exe
File opened (read-only)	\??\K:	MBAMInstallerService.exe
File opened (read-only)	\??\M:	MBAMInstallerService.exe
File opened (read-only)	\??\Y:	MBAMInstallerService.exe
File opened (read-only)	\??\W:	MBAMService.exe
File opened (read-only)	\??\L:	MBAMInstallerService.exe
File opened (read-only)	\??\P:	MBAMInstallerService.exe
File opened (read-only)	\??\W:	MBAMInstallerService.exe
File opened (read-only)	\??\Z:	MBAMInstallerService.exe
File opened (read-only)	\??\E:	MBAMService.exe
File opened (read-only)	\??\J:	MBAMService.exe
File opened (read-only)	\??\M:	MBAMService.exe
File opened (read-only)	\??\Q:	MBAMService.exe
File opened (read-only)	\??\Q:	MBAMInstallerService.exe

Boot or Logon Autostart Execution: Authentication Package 1 TTPs 2 IoCs

Suspicious Windows Authentication Registry Modification.

persistence privilege_escalation

Authentication Package

T1547.002

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Notification Packages = 73006300650063006c00690000000000	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages = 6d007300760031005f00300000000000	MBAMService.exe

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_749854ac3f28f846\msux64w10.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_6150ccb5b6a4c3cd\rt640x64.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\repdrvfs.pdb	MBAMService.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.lock	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\qcwlan64.inf_amd64_71c84e1405061462\qcwlan64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_1e173acb8f2f340f\net1ic64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_6686e5d9c8b063ef\usbncm.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4bcc91a0-69d0-b343-bdb1-8612c6807dbd}\mbtun.cat	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_3aa3e69e968123a7\wceisvista.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4bcc91a0-69d0-b343-bdb1-8612c6807dbd}	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\201DA8C72BE195AF55036D85719C6480	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_2E01D413E600DA01958BFB19A6EF6010	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7447D0CD4A15D8A8E94E184F8B1DF8DF	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\742EF0006013B9FE01E702FD2CAB0644	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206742EA5671D0AFB286434AEACBAD29	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_62f41b89e0dc2537\netwtw08.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4bcc91a0-69d0-b343-bdb1-8612c6807dbd}\SET1502.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\ntdll.pdb	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net2ic68.inf_amd64_23084e964d79333d\net2ic68.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_8a3d09c4ce3bae33\netsstpa.PNF	MBVpnTunnelService.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\api-ms-win-core-file-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Memory.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Xml.Serialization.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\cs\UIAutomationClient.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\de\System.Windows.Forms.Design.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\PresentationFramework-SystemXmlLinq.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\rtp.dll	MBAMInstallerService.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_tr.dll	BraveUpdate.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\7z.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\fr\PresentationFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\System.Drawing.Design.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\System.Resources.Extensions.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\UIAutomationClient.dll	MBAMInstallerService.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psuser_arm64.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\Chrome-bin\131.1.73.104\elevation_service.exe	setup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\zh-Hans\ReachFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\wireguard.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.deps.json	MBAMInstallerService.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\CHROME.PACKED.7Z	brave_installer-x64.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pt-BR\ReachFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak	MBAMInstallerService.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\Chrome-bin\131.1.73.104\Locales\kn.pak	setup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\PresentationFramework.Luna.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Resources.Writer.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pl\Microsoft.VisualBasic.Forms.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ru\System.Windows.Forms.Design.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\System.CodeDom.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ko\PresentationUI.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pt-BR\System.Xaml.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.core.dll	MBAMInstallerService.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\he\messages.json	setup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\tr\WindowsFormsIntegration.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.UICommon.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat	MBAMService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ru\Microsoft.VisualBasic.Forms.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pt-BR\WindowsFormsIntegration.resources.dll	MBAMInstallerService.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\gui92D7.tmp	BraveUpdate.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pl\PresentationCore.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\vcruntime140_cor3.dll	MBAMInstallerService.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\Recovery\GURBA32.tmp\BraveUpdateSetup.crx3	BraveUpdate.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\it\ReachFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\bg\messages.json	setup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ja\PresentationCore.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Dark.dll	MBAMInstallerService.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\Chrome-bin\131.1.73.104\Locales\vi.pak	setup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\zh-Hant\PresentationFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ko\Microsoft.VisualBasic.Forms.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.IO.FileSystem.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.ObjectModel.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Security.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Primitives.dll	MBAMInstallerService.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\chrome.7z	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ml\messages.json	setup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Text.Encoding.Extensions.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\PresentationFramework.AeroLite.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\assistant.runtimeconfig.json	MBAMInstallerService.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_cs.dll	BraveUpdate.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\zh-Hant\System.Windows.Forms.Primitives.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Threading.Overlapped.dll	MBAMInstallerService.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4884_515484519\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\am\messages.json	setup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ru\System.Windows.Forms.Primitives.resources.dll	MBAMInstallerService.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_ca.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_cs.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1691473253\1\scripts\brave_rewards\publisher\vimeo\vimeoAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_203900855\safety_tips.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1764174951\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_779220917\eric-patterson-2.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_1158455058\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-mul-ethi.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-mn-cyrl.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_144565337\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1764174951\mapping-table.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1375587847\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-sk.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp\GUT1B17.tmp	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_sk.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_320115815\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_732274215\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-fr.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdateComRegisterShellArm64.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_zh-TW.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1691473253\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-it.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_779220917\spencer-moore-3.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_320115815\manifest.json	brave.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\psuser.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_hr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_sl.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1612383827\manifest.json	brave.exe
File opened for modification	C:\Windows\SystemTemp\chromium_installer.log	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1612383827\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_779220917\nadeem-choudhary-2.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_779220917\spencer-moore-2.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_779220917\aleks-eva-3.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-lv.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1375587847\dnryisldmaqljgwaxeqbuuhuvrbboqlf	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_793683527\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_no.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2996_993248173\extension_1_0_15.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1764174951\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1691473253\1\scripts\brave_rewards\publisher\reddit\redditAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2996_1083073688\extension_1_0_284.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_144565337\LICENSE	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1691473253\1\scripts\brave_rewards\publisher\reddit\redditBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_6272_854006343\efniojlnjndmcbiieegkicadnoecjjef_1184_all_adi4za4ydmkhgnzh3aujrsyxzjza.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-de-1901.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_1271647286\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_gu.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_779220917\zoltan-malovanyi.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-el.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1957431506\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_6272_694068999\jamhcnnkihinmdlkakkaopbjbbcngflc_120.0.6050.0_all_dgzfpknn7v3zslsbhrwu6bt44e.crx3	brave.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_am.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_6272_1259003713\ggkkehgbnfjpeggfpleeakpidbkibbmn_2024.12.19.1218_all_fv3otvkif6vzxcwwn5ycxdrxpq.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-gu.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_it.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_uk.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_2007416432\manifest.json	brave.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\MBSetup.exe:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveCrashHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MBSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
352	BraveUpdate.exe
936	BraveUpdate.exe

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MBAMService.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMInstallerService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000"	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000"	MBAMService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000"	MBAMService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	mbupdatrV5.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53260A87-5F77-4449-95F1-77A210A2A6D8}\ProxyStubClsid32	MBAMService.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F3968E6D-3FD5-4707-A5A8-4E8C3C042062}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B3DFEA6-6514-42CF-A091-C4DFFD9C2158}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5250E5C8-A09C-4F87-A0DA-A46A62A0EACF}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A10434E2-CAA7-48C4-9770-E9F215C51ECC}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE77988C-B530-4686-8294-F7AB429DFD0C}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BA2811A-EE5B-44DF-81CD-C75BB11A82D4}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\VersionIndependentProgID\ = "MB.MWACController"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{115D004C-CC20-4945-BCC8-FE5043DD42D0}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F81B1882-A388-42E5-9351-05C858E52DDC}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{76AD4430-9C5C-4FC2-A15F-4E16ACD735AC}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34544A67-823A-484D-8E18-371AFEAEC02E}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CE94D34-A1E4-4FA8-BEDC-6A32683B85F5}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A583D5DD-F005-4D17-B564-5B594BB58339}	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{346CF9BC-3AD5-43BA-B348-EFB88F75360F}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\ = "AEController Class"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18C5830A-FF78-4172-9DFB-E4016D1C1F31}\ = "IRTPController"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0468FE5A-FFDA-4F57-83F5-79116160E9B8}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\VersionIndependentProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9669A3D-81E8-46F6-A51E-815A0863D612}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD9CB7A5-5C46-4799-A3A4-20FB128E58F1}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46AEAC9A-C091-4B63-926C-37CFBD9D244F}	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ = "IGoogleUpdate3Web"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\Version\ = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6ED2B0A1-984E-4A35-9B04-E0EBAFB2842A}\ = "IScanControllerEventsV12"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B59F38D8-23CF-4D7F-BAE8-939738B3001B}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0E64B3CF-7D56-4F76-8B9F-A6CD0D3393AE}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF39921A-6060-472F-A358-1CE8D2F8779C}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4EA13DC-F9D2-4DB9-A19F-2B462FFC81F3}\ = "IUpdateController"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4BDE5F8-F8D4-4E50-937F-85E8382A9FEE}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEFCD43-B934-4168-AE51-6FE07D3D0624}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\ = "IArwControllerEvents"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76AD4430-9C5C-4FC2-A15F-4E16ACD735AC}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}	MBAMService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\Elevation\Enabled = "1"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\Programmable	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{106E3995-72F9-458A-A317-9AFF9E45A1F0}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}\1.0\0	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD05E6E-FF07-4CD3-A7BA-200BEC812A5C}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63A6AB57-4679-4529-B78D-143547B22799}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E298372C-5B10-42B4-B44C-7B85EA0722A3}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE7ABFE9-8F8F-4EDD-86BD-9209FD072126}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C367B540-CEF4-4271-8395-0C28F0FDADDA}\ = "IPoliciesControllerV9"	MBAMService.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7DAEEB9-30B6-4AC4-BB74-7763C950D8EC}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ = "IAppBundleWeb"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D448EF3-7261-4C0C-909C-6D56043C259D}\ = "IScanControllerV14"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF153224-DA64-41F1-AA87-321B345870FA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9185897A-76F4-4083-A02C-5FFC2A51F6D4}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE9646CD-EB6F-4835-9BE1-364F8896D71E}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}"	MBAMService.exe

Modifies system certificate store 2 TTPs 39 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c0000000100000004000000001000000400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF\Blob = 030000000100000014000000d772da0874059418fcdaace3f4ff2ac964a852ff140000000100000014000000246593980801e84ed4d64cea6455e1c0fafbcfb3040000000100000010000000fe9ab1791f2f2a2a01fce48d6b2a093c0f000000010000003000000054de7e1f5b9b2c1834c8e4fedef7bec89e6e7117ef761a80d1bccec1d63888d0d4ad1b6c5c6a4ea556436ddd29aaf904190000000100000010000000ce4cfdd3ed415f0993c3c8bd5428ecbb5c0000000100000004000000000c0000180000000100000010000000ea6089055218053dd01e37e1d806eedf200000000100000048060000308206443082042ca0030201020211009e02b0e94aceb2109ca1e9836be0c2db300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3231303532353030303030305a170d3336303532343233353935395a304f310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312630240603550403131d5365637469676f2052534120436f6465205369676e696e672043412032308201a2300d06092a864886f70d01010105000382018f003082018a0282018100bb7bff8fbf4b2d43b6f1661c00ff8d9d2a7840c4234c4349a709395a45510b16fdee6031f53470e363075bec932a725a16385216091d2f53efa83eec3aa07ba25348802d95959b14ddb213f617c13b2612049cde3d4c4a3d33c30c26256f3d6e0f9503b18433c690499ef9e636778f006324606f5d61e44d1b0df783548cbc4f8a7c20f42a20aa61a02d902877d351569c94cca6f421cad8be289a4a1e5486c3f6ec6c6ac10e69d339b273758ff0abf75b77391ea30672e23287f97fc61413e468911d33a9c7b3302db6a9c581ef21848aba96ec110364e5dfbaa9c18d4e7e2cdffbc380c1a8296a321225fa20451c29f5549adf8ae067f1310f0a11c63170afbc803b177ec3f23626be3c37cf37b85d795497b8bbc37f76056a359f8213194f2af37dc9b988166a4c38d82b61e5615b571a0ec7fd7bb76b0a42401ff30fe0ec70ba6a79571889c71df7309f430a0715067245a3575ebfa3ed584c62197566c21b0175a6560d1461b5765bf137b4040503c1c4a3ff5dcaf49dbae72f16f6b67b0203010001a382015f3082015b301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e04160414246593980801e84ed4d64cea6455e1c0fafbcfb3300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff02010030130603551d25040c300a06082b06010505070303301b0603551d200414301230060604551d20003008060667810c01040130500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307106082b0601050507010104653063303a06082b06010505073002862e687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141414143412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c0500038202010055d1f2be5bc5485740e5ecd9faeffd6b92fca8754779e9cfc23d14f9a109e565b9ad9fbc4ef29da2e735cccfa2392b472bc0e0ba36902366d1126488d95751add00f6f5f8a90cf1bb17a6956fac2400a85bfe1bae0cd72337817684ef2eb0276135b8529532e1d3caf14b46c0333f437a1ed90453ff573bca9925017ebfe39ca4640eafba3b4179b585ac5004f6cd30cc05f6f867781a63d2516f62fa249f093bed557723cb3c8d21b129930221003f64a89e0928fa8c338600f2156d4ebab5733a777dd27e591539e2f671f4bc38bf4656392ce9512561e1daee2ed8074beec4dfeecc717d79493974c464cc54662e53b9d1a08c0630ad519cc0ab089cc8b2e084578d969ec7d0db7cf86a12ec3e0860e3709e44bc50c73c8f628dc9ed5959a235771ce406d9d5bea1bc3b2492444f41004caeda6925f54d6097b3ab992d310111499b6ce40ffe5c6a3776635adec33a03bc8c69e3ea19985587cb1a85a38e62e53ac7ffd133beb57d46dfdf21ce2f78cb42ef6d754ef23ed29b10ccb1f9a3cd82f9e0d66499f508786a0f1f9ca1cb01dc3f14c9efcd3a64feef466b642d170b95b948385bbd44479771188b1a071eafa4bf0ff8708cd8a8866ba87405c9488d8ad0a0742f7bee4cb993791318d9a6810fe9a03bc150226b79e70bd19804cecf00280fbff4ca2b76ebfe3d8e4dcf7c8856b986ed21371dceecac9ae317e7b05	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	MBAMService.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File created	C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Users\Admin\Desktop\MBSetup.exe:Zone.Identifier	brave.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA	MBAMInstallerService.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
4668	BraveUpdate.exe
4668	BraveUpdate.exe
936	BraveUpdate.exe
936	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2952	BraveUpdate.exe
2996	brave.exe
2996	brave.exe
5368	MBSetup.exe
5368	MBSetup.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5648	chrome.exe
5648	chrome.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
5860	MBAMInstallerService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe
3532	MBAMService.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5648	chrome.exe
5648	chrome.exe
6272	brave.exe
6272	brave.exe
5648	chrome.exe
6272	brave.exe
6272	brave.exe
6272	brave.exe
5648	chrome.exe
6272	brave.exe
6272	brave.exe
6272	brave.exe
6272	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeDebugPrivilege	2952	BraveUpdate.exe
Token: SeDebugPrivilege	2952	BraveUpdate.exe
Token: SeDebugPrivilege	2952	BraveUpdate.exe
Token: SeDebugPrivilege	2952	BraveUpdate.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
1912	chrmstp.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
2996	brave.exe
5368	MBSetup.exe
2996	brave.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
7944	Malwarebytes.exe
7944	Malwarebytes.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
7944	Malwarebytes.exe
6272	brave.exe
6272	brave.exe
6272	brave.exe
6272	brave.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2588	brave.exe
5368	MBSetup.exe
6668	brave.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 3580	4496	chrome.exe	77
PID 4496 wrote to memory of 3580	4496	chrome.exe	77
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4692	4496	chrome.exe	78
PID 4496 wrote to memory of 4972	4496	chrome.exe	79
PID 4496 wrote to memory of 4972	4496	chrome.exe	79
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80
PID 4496 wrote to memory of 5052	4496	chrome.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/YHZWCx
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc89f7cc40,0x7ffc89f7cc4c,0x7ffc89f7cc58
    3⤵
    PID:3580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1804 /prefetch:2
    3⤵
    PID:4692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2092 /prefetch:3
    3⤵
    PID:4972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2372 /prefetch:8
    3⤵
    PID:5052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3104 /prefetch:1
    3⤵
    PID:4720
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3132 /prefetch:1
    3⤵
    PID:3480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4048,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3056 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4644,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4624 /prefetch:1
    3⤵
    PID:3040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4704,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4740 /prefetch:1
    3⤵
    PID:1788
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4940,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4920 /prefetch:1
    3⤵
    PID:1496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5384,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5400 /prefetch:8
    3⤵
    PID:4120
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5348,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5528 /prefetch:8
    3⤵
    PID:3832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5380 /prefetch:8
    3⤵
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - NTFS ADS
    PID:3560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4724,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5180 /prefetch:1
    3⤵
    PID:4744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5700,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:3704
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5608,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3260 /prefetch:8
    3⤵
    PID:4072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5988,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5580 /prefetch:8
    3⤵
    PID:2832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5492,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5456 /prefetch:8
    3⤵
    PID:1464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6228,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6244 /prefetch:8
    3⤵
    PID:4856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6388,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6384 /prefetch:8
    3⤵
    PID:1564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5552,i,11493665914880842599,15976189848039155724,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5764 /prefetch:8
    3⤵
    PID:244
- - C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe
    "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - NTFS ADS
    PID:2788
  - - C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdate.exe
      C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2952
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4412
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3248
      - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1040
      - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2892
      - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4124
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins0MjA4RTg5Qy01NUQ1LTQ2RTYtQTc2Qy0xQzQzNjkxRjdGMTd9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QTBGMjYxRTctQjRCNC00M0Y4LTk0QjktQTA4ODMwN0Y1MzA4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9Ijg4MyIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:352
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{4208E89C-55D5-46E6-A76C-1C43691F7F17}"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc89f7cc40,0x7ffc89f7cc4c,0x7ffc89f7cc58
    3⤵
    PID:5728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1760 /prefetch:2
    3⤵
    PID:3468
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1920 /prefetch:3
    3⤵
    PID:684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:8
    3⤵
    PID:4312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
    3⤵
    PID:4660
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:5584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4380,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4404 /prefetch:1
    3⤵
    PID:1712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3212,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4192 /prefetch:1
    3⤵
    PID:5520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4780,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4800 /prefetch:1
    3⤵
    PID:4200
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4768 /prefetch:8
    3⤵
    PID:1652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4544,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4240 /prefetch:8
    3⤵
    PID:3372
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:8
    3⤵
    PID:488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3436 /prefetch:8
    3⤵
    PID:2588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3264 /prefetch:8
    3⤵
    PID:1972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5196,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:3108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5152,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:2
    3⤵
    PID:3040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5208,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5284 /prefetch:1
    3⤵
    PID:7820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4972,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:7832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5184,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:8088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4812,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5408 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5292,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4872 /prefetch:1
    3⤵
    PID:388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3400,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:8
    3⤵
    PID:276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3340,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4596 /prefetch:1
    3⤵
    PID:2388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4740,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4708 /prefetch:1
    3⤵
    PID:7156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3312,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:5460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=2956,i,12728906171801584938,7638130806363095463,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:5756
- C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
  2⤵
  - Executes dropped EXE
  PID:6592
- - C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
    "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
    3⤵
    - Executes dropped EXE
    PID:6672
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
  2⤵
  - Checks system information in the registry
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:6272
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc85371d18,0x7ffc85371d24,0x7ffc85371d30
    3⤵
    PID:6260
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1860,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=608 /prefetch:2
    3⤵
    PID:4752
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2216,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2228 /prefetch:11
    3⤵
    PID:6340
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2396,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2400 /prefetch:13
    3⤵
    PID:7628
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3624,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3636 /prefetch:1
    3⤵
    PID:5800
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3732,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3860 /prefetch:1
    3⤵
    PID:540
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=5048,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:7504
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5576,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5440 /prefetch:14
    3⤵
    PID:5508
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5416,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5636 /prefetch:1
    3⤵
    PID:6332
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5224,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5724 /prefetch:1
    3⤵
    PID:7884
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=952,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=956 /prefetch:14
    3⤵
    PID:7180
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5608,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5712 /prefetch:14
    3⤵
    PID:7416
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=2856,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5036 /prefetch:14
    3⤵
    PID:2328
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5060,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4752 /prefetch:14
    3⤵
    PID:6604
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5712,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5408 /prefetch:14
    3⤵
    PID:5984
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5808,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5612 /prefetch:14
    3⤵
    PID:6624
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=2892,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5804 /prefetch:14
    3⤵
    PID:6708
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5036,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5836 /prefetch:1
    3⤵
    PID:7040
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=252,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6028 /prefetch:10
    3⤵
    PID:7424
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5708,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5892 /prefetch:14
    3⤵
    PID:5540
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5080,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5992 /prefetch:1
    3⤵
    PID:7176
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5692,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:5652
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4923284676845372998 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4020,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4024 /prefetch:1
    3⤵
    PID:7116
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5836,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5772 /prefetch:14
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:6668
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4612,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4980 /prefetch:14
    3⤵
    PID:6168
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6376,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6396 /prefetch:14
    3⤵
    PID:6296
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6380,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5236 /prefetch:14
    3⤵
    PID:5700
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4644,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6584 /prefetch:14
    3⤵
    PID:6536
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6248,i,8427457701601066357,8757612296006287166,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6676 /prefetch:14
    3⤵
    PID:6672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3812

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1696
- C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\gui92D7.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3912
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\gui92D7.tmp" --brave-referral-code="BRV002"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4884
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x294,0x298,0x29c,0x274,0x2a0,0x7ff7c4b0f418,0x7ff7c4b0f424,0x7ff7c4b0f430
      4⤵
      Executes dropped EXE
      PID:4920
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\gui92D7.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3768
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{AF7B6AA9-DC1C-4DCD-98E5-982AA6CF26CE}\CR_8D81A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7c4b0f418,0x7ff7c4b0f424,0x7ff7c4b0f430
        5⤵
        Executes dropped EXE
        
        PID:3708
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins0MjA4RTg5Qy01NUQ1LTQ2RTYtQTc2Qy0xQzQzNjkxRjdGMTd9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MTdDNTE3OUMtMjdEQS00RTI3LTgzNzYtQjNEN0M5Nzg0M0FBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4xLjczLjEwNCIgYXA9InJlbGVhc2UiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwczovL3VwZGF0ZXMtY2RuLmJyYXZlc29mdHdhcmUuY29tL2J1aWxkL0JyYXZlLVJlbGVhc2UvcmVsZWFzZS93aW4vMTMxLjEuNzMuMTA0L3g2NC9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBkb3dubG9hZF90aW1lX21zPSIyMDcxOSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzE1IiBkb3dubG9hZF90aW1lX21zPSIyMjIzNCIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBpbnN0YWxsX3RpbWVfbXM9IjMxNjc0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1416

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4592
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3340
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2996
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc85371d18,0x7ffc85371d24,0x7ffc85371d30
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1344
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2040,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2036 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1328
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=1900,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2168 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:992
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2620,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2616 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3920
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17492118889651888542 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3376,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3404 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4508
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17492118889651888542 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3396,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:884
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5216,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5224 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2304
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5268,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5276 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3832
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      PID:3340
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff72679f418,0x7ff72679f424,0x7ff72679f430
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1732
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:1912
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff72679f418,0x7ff72679f424,0x7ff72679f430
        6⤵
        Executes dropped EXE
        
        PID:3200
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3352,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5444 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1612
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5044,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5372 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4880
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17492118889651888542 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5588,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5632 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3380
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5664,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5400 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5448
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5780,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5788 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5472
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5944,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5796 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5504
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5968,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5976 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5532
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6136,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6272 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5544
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5928,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3468 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3416
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6156,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5256 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5792
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6504,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6252 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5808
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6536,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6548 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5668
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17492118889651888542 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6560,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6724 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1624
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6544,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6780 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:4224
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6772,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5924 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6052
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=7136,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7088 /prefetch:14
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2588
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5232,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6936 /prefetch:14
      4⤵
      Executes dropped EXE
      Subvert Trust Controls: Mark-of-the-Web Bypass
      NTFS ADS
      PID:828
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6468,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6516 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5184
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6572,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6328 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5744
  - - C:\Users\Admin\Desktop\MBSetup.exe
      "C:\Users\Admin\Desktop\MBSetup.exe"
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Drops file in Drivers directory
      Checks BIOS information in registry
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:5368
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=17492118889651888542 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5860,i,10555855417745559695,12301399586895952573,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6316 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5944

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1488

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies system certificate store
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5860
- C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3220
- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Modifies registry class
  PID:1244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:5744
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000150" "Service-0x0-3e7$\Default" "0000000000000160" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5396

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
1⤵
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates connected drives
- Boot or Logon Autostart Execution: Authentication Package
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:3532
- C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:7944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://links.malwarebytes.com/link/pricing-inapp?version=5.2.4.157&x-prodcode=MBAM-C&x-token_secret=0RJqCl-jr1uEbqGi4UPgLhkDru3BaVzd2jly4J100VqAZvxqyGmLmyd1COJax6DYvtjdtpwAGFl-9zbItNIMC0EuxOCPpJcMvRx-J3o86lMDntzUwfzMDdJAIX8Jf78i&ADDITIONAL_machineid=2b9b845b421e57786703a7a726d7e444a0588de1&days_since_install=0&source=mbwin&varID=mb5-rtp
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:5880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc65153cb8,0x7ffc65153cc8,0x7ffc65153cd8
      4⤵
      PID:6420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,11631680411320429624,4060619029657451240,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
      4⤵
      PID:7804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,11631680411320429624,4060619029657451240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      4⤵
      PID:6512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,11631680411320429624,4060619029657451240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
      4⤵
      PID:7964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11631680411320429624,4060619029657451240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:6840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11631680411320429624,4060619029657451240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:6912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11631680411320429624,4060619029657451240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
      4⤵
      PID:7424
- C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
  "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:7172
- C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
  ig.exe secure
  2⤵
  - Executes dropped EXE
  PID:7640
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:6168
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:6208
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:536
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:3416
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:6228
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:3740
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:4896
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:6232
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:1392
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:1540
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:6296
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:6304
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:6024
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:2896
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:5492
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:944
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:4908
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:5716

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5892

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5908
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
  2⤵
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:8028
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8040
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe"
  2⤵
  PID:8048
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6628

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- System Location Discovery: System Language Discovery
PID:6384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6820

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
PID:5768

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:4584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7656

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Authentication Package

T1547.002

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Authentication Package

T1547.002

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Remote Services

T1021

Remote Desktop Protocol

T1021.001

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\setup.exe

Filesize
4.3MB

MD5
94483ea960f9bee9044e0a8ca31fc33c

SHA1
39e29cde48af84b3efdf16ffeacdc35be3e0e1e5

SHA256
e308f70103afbfac265121f89759906299213e88fb9802352695f8260bd3d31c

SHA512
d189adf07c6715d38547bd8873234d16596970d671ba3fb9c222d6a9aa10a5fc7cdcc6cea6627c5b0031b93e60e6db18e45b2661532873f510151a9b3f1fcb94

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Filesize
2.7MB

MD5
e04e61828c9fffcee59cd90ef155c90f

SHA1
7a97b65f11d2b3f30d8e2dde4c44bdf16f3d3b24

SHA256
05d4d87f43646f7ca2e50520d8850e8808748a508c2761838d5fb92d66d6ce35

SHA512
04792b998628cde88bc2601534678e55b2d6fde290496e5af08a2955a992ca3bb767bd025dca4373abc55141de8d270f62f628e51c887de54035bbee10379ce9

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Filesize
291KB

MD5
fb11fcabb75d0ed734be6a2d5f996765

SHA1
4ba08b4e37a64e3e4096ca7a690546919ec72415

SHA256
fa5449c7ddd3ca787751f6f09b3429740f383c3718ad985f82c30943ba66cdfe

SHA512
ab2b79e0fa0af523e00460af7b4ae0729b68d9cf6807bdc0407539474857b8d559f199d7445aa16f8277eb02ae4eaa3e840882d3aec394df0bcb415cf06c2f67

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
621B

MD5
84ed8f83759f323757bbc75ebdab9c0f

SHA1
ac1fc965f7ed1dfa386e6474b1e7e95ed3637c66

SHA256
31758f08a9f6022f229eecddf272ac52cf8255691a423fcf8baa460b861ddc67

SHA512
c3dbea0d75b6be6d1c4b29fa1b68e6191125c8f0977d8189d8eb03bc1f31e617822b97638e97c4e39c23ac42dcf079e6d53cdd7a915d1fae7feb8f9ae91d03e9

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
654B

MD5
878a34632f09e55d7f3782000ef9f5e1

SHA1
d08b1108c224d911573efd4cd6caac0a857223e8

SHA256
43de92e1dcbed78b5bb421b493b3454fa4fbd13c7f31e3bae91b26a72f5f9059

SHA512
ea6400841599ba43d1de5e059333163ac61f9a9099ef82f3037d5652502ed453f3a2550301cdfa05aeaf8c3b2b56118a3b131a54b91a435ab97198c0f9c90efd

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

Filesize
8B

MD5
49a4a2d5821fb4e6b6efcb6fcefb7cc9

SHA1
0d78e0ef7a41263e88c2c5fb04e7869e8bab9598

SHA256
ba34fa932747a1173a929cde46268201af065734cd8bfaf1f6ffc8a706ad9292

SHA512
c95be754c07fb220f9701f29137a57d52e6a92f2dc8b07aa4066e65b689ac0325eee99d870981cb76dc64da2eb20d4decae5857d8c87bc81805f861428ac8c33

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

Filesize
2.2MB

MD5
b39ba8b6310037ba2384ff6a46c282f1

SHA1
d3a136aab0d951f65b579d22334f4dabbebdb4a4

SHA256
3ecbcb6c57af4456111f5f104b8fb8a317cdb0f16e98412249f7a2d62bca584d

SHA512
a8b98f47c30503029f2dc80398dacd5f8fc07db562d04c56b8c7902bebf11517223350c41850b81aca770ebc9e68fc365921bd6cce34b57b2c945f1c51b538b7

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

Filesize
3.0MB

MD5
552132510df12c64a89517369f07d50c

SHA1
f91981f5b5cdef2bdc53d9a715a47d7e56053d6f

SHA256
3bfc8b26e3a44d2444837b2125fb5c94eb9901faf3d49a8a5de1e2089a6b50b1

SHA512
c30a893fa36a056db5ecdb765bcc0fc41adb02696b22a30130737d8b1a9d020b30bc651d45c63ff73b621459eca3668aa51e4a71b01b00a499bffa941cd36930

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

Filesize
1KB

MD5
5d1917024b228efbeab3c696e663873e

SHA1
cec5e88c2481d323ec366c18024d61a117f01b21

SHA256
4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8

SHA512
14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

Filesize
10KB

MD5
ddb20ff5524a3a22a0eb1f3e863991a7

SHA1
260fbc1f268d426d46f3629e250c2afd0518ed24

SHA256
5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a

SHA512
7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

Filesize
2KB

MD5
d87c2f68057611e687bdb8cc6ebea5b8

SHA1
27b1311d3b199e4c22772fa1b7ea556805775d37

SHA256
ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8

SHA512
4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

Filesize
233KB

MD5
246a1d7980f7d45c2456574ec3f32cbe

SHA1
c5fad4598c3698fdaa4aa42a74fb8fa170ffe413

SHA256
45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147

SHA512
265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

Filesize
9B

MD5
4e8216b2ab7456d308db77544216f2f5

SHA1
778e02758aebcedb720143f4592ca617a129b25d

SHA256
df1626cdedb79ed8b7e013c7a31b4accf312a39635a689f3be4bb6821e951e8d

SHA512
847f6596ead9e38e868995340a8f7398af96a3014c7e150a8bb23589e5a2efaa96cb7270d78cb9f3d1b9915e4554d5d88c12f4a8c2856453a030c378ae102050

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\version.dat

Filesize
47B

MD5
9c87d1e380200aaa33329e12a227a389

SHA1
c405766bc319a893d357cd0d988e0d90fa347559

SHA256
4a4834b2b73fe7616f3c6eb1e19fa63e76a217d3db641d2c881c60754d07a0e5

SHA512
02f3bc36ef0ab1885a2dd55962bc231b88b3527dba636ffd7be4303bfefe0f5ecfd30c5febbe63db5dfb1b71a858bec88ea982cbf5f23c8ef6cfd3cdeb77080b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\c15d1e08-cdc4-11ef-a548-d20112bc8c05.json

Filesize
16KB

MD5
ac13a81f0f152d2d2cc36a33f752a4a1

SHA1
092d3ad77dbe01a441869647ac292b3d1e4d5bf1

SHA256
f443efb3a455e1d9fcfb6f9a61c972803904e7283a9f872f0a45a51b9c344dd8

SHA512
b119ceaa22590d16760f177b552b7f1a444f40d5099610d4fd0bc094db6ed0f827e5eb12a4bd2dc1b5345c210ab451330d75d24d4b6d074982fd42c0a544da91

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
1KB

MD5
cc1295446803ed697d9fcaf3ade4ac75

SHA1
bc60237eadbf7e89353107bdd9c655b81e25cfce

SHA256
77ed77692267a21cb08de0ae11a9371e9a0a58c4848b0b75035e713e88cb2cfa

SHA512
56b417f54168b134a3284035a7b8bea871605e4ae50bc2b4a1b6990fa6f91f361bc8a83b1c29228bedeec39f8fd66cbd0c274c98c39cf6cdeb936554b16da6e2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
47KB

MD5
1d1546d293787139d118eadb4cae2ef2

SHA1
7c5754c8a1711b5befcbcb3ab02b326d54cbf3f8

SHA256
369974c30bff4917d0bc595211b73bb7616ae74e856d758e17ab0fada50b6242

SHA512
082509d7634dc41776ecf94d17f97a143478399265e1041fd13e4234b70af9be5bce090a6edaee771e1eda9c0ce0cdfa74fbb706eb11f1a1c863c67941d2d44f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
66KB

MD5
265967e44b3f5bca76accae7635292d5

SHA1
5e362aceac00cd6b1437d3390647f4602759a9ef

SHA256
36d6d4e89f5f6bee897f76d0c5d8dec7722f483f1e249523cffd5d4165b6d97a

SHA512
ea3bb43db4f67c7a2a694319810c0a4465c88f8203a86d1f804dc1f39d289be6b553f71a0548a2520b7a5a6b5ebf5db8d9fd834d000bfb096e85009448fd9d2b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
66KB

MD5
126c88dd4a6efa55ea565f32d2c89d08

SHA1
df6415480c92853463954dea460bd3bba01088fe

SHA256
25e8668eca014d111cdac2162252fe5b7465fbf6377248ddb48d68288c88f5bb

SHA512
8630733de6132c774caa5d0bf321964ccbb13d2828d128ecbe39f8e1fbaf527f9acaf3ce133627da5f58f8c647e280db010b0ce9de221de323daef9b4612d378

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

Filesize
607B

MD5
2ec35e6713c022dbed1193aa23f8f566

SHA1
fdc3a31d64eccfa21ff8bb194b893ae98e5da3cb

SHA256
ec08c0f5afeb43c044b0b99a1d65c93ea2d10ce489913dd427f6642f4ff488bc

SHA512
9a75426ab8decb82c6e80cb74c57a6692e4bf52d39cf1e05150c345d64fb390937187566d13ca7953f6854b85e41dd56073de3f260bae45dc4fc00e81d45e028

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
847B

MD5
8c4743a8ba3c7e2959b73a11bbb30cf2

SHA1
fc914b8139881e15b7c81da10e536672113a1901

SHA256
6c64cbbaada163c710bc86c48cfa3c872b9c8b5f7bb11fa647da12afb690c3be

SHA512
47e2801eab352c0896ba5ad2790ed577af6424b0cd80f49938bf73d0230c7591a2345fea384e5e95a893c7175b05bc9a292760efdb955e0e0ac2da289e083820

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
846B

MD5
06809cd76de3bb2e14aaf0f4846e2bfe

SHA1
738e75157f66a4fac2fd944b6f74d3a88dbf7466

SHA256
a3ef5ca4621702510d73fcafbf2ba6e8a58c2b103509b96daab8902c0ecfc4e8

SHA512
0bbf9a369b37c785d8a60a3ff90fdd096e4f4952c20e23f7e0f1c37bf420a4ab4d18271dec477ea010a942f9a938d176b5f36a5b983e7f3d6a710f525ebef612

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
827B

MD5
e162bb6593e90278d31c8d3be708ce0d

SHA1
d86be73634ef67acc7a2d625eb43a110f6deeacd

SHA256
07a613367bcc65af117942803055fe7e096a67aa3dec043c0188c65ed9028611

SHA512
5789776e636dd0d8ad38e7f1352aca9f76d0146e452a94a6b61fa0eb7e29ab6285047ea3a7ef098617676fc589b190406b56f6cd035ecbf2bb3e2a65a2b58cd9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
1KB

MD5
4e639557b82b5a5df96ea21c427bfc52

SHA1
cc82bcef5dc9516e2cd10fed82ca960bc175e29a

SHA256
5cefa51530c85b2d3316ee0726ba0a5098d0156f1761b9c58d15f53629a5c4cd

SHA512
d514d3ea88591ba0ac14862d26a5066b872080b8a34e098a2c3684be0d9ac770e9fe7d85003c1088a2f22b74311b6c406a7b77d793cca8c99172f62c57bdf61b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
1KB

MD5
e055408f724918191f3a32c063147eb9

SHA1
9948137d9a1e4a8714780e3359b8a1118ff92ee5

SHA256
20c6600fbee531f71fc8a945b722efc3a8747c3c9b0c62819a7fc2c635063425

SHA512
b6bb896646bc823e2dbea14f3979da3ceedfd0de525d61146ee0b9a7795943429624ba0bc2a5c27b0bab22cd3415f029fee671c4c3da4f75484f76fc61fc7279

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
11KB

MD5
9b1096e85235421fb2fb03198b753c12

SHA1
c7119facdccaf67c5b7945179cdaee2ff965fa60

SHA256
06abeae3cb5ae6bc94ec08bf42e2f8c65058e4f71d984b2e34ed5c631279fbf0

SHA512
d48f9bc4d1d526fd06843ba58ad03d485e42365e22560821b60a5c6f2ade20e2e961446633736bb22cd9408a1970b9ff0fe79e56b39b0a416c030584a878013f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
12KB

MD5
6fa748bb980017de5f9f0facdfbdb4ef

SHA1
1bc7db29fff4b06fcbe0bdf2c4a3b5c8dacc3b04

SHA256
ec2493b9c2436fba2d55d70505aabef42aad36b8ff9473ce95455b8a06a94e3a

SHA512
bc949c5899143c05634b9c6817be559b161dfcf0868c71a807bbbddbbd4bb6b206d2a363b6d001bc10d1bdff20892a09ca882d8fd80a605eacf71ce79a3a2829

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
12KB

MD5
74efd6c791d6f32ac3f9671cebaba719

SHA1
c90cf2fd730441ee68e01734140f6f4ebd1334cc

SHA256
1fd4742964e0b67a79a21c73f137c27b2394c4824b165538335ff4d520d9d556

SHA512
d2ab88ac21b6e6f004c52fd5f0628618525b16cd5507b2c2b0065daaff617464e7f19cf6cd0b5d77dc60ec66cd09ada73aa074287e60b070c97a8aa8f808add7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
1KB

MD5
352b4fc667abf6328688d8cb0d554817

SHA1
5d50fbed316e74e591b7b948af27ef0122b51ce7

SHA256
5717783c7bbd14d8d4b77f1e7d309078bb360e149fc2a84fd25fc6d9e598a7e2

SHA512
0cc5a5d01831d4d8179939d778a440f2653814c0e1da522d330aabf8d8760d5705b93a952c26498b0fa466cb2fe5754ca028b4fb3dbc9b97a3061280ffb25e69

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
2KB

MD5
44f6a4eb6bf9a2b5b75dfe8b7b4de310

SHA1
5ba265314a65e3b9782470cf04bebbdbef408125

SHA256
b9431ab67fa0e6bdee37a09458ea76fc5814a2da98c9b52adcb7b67849aed6a6

SHA512
66812f7eba69923b0fec10ff12e7973701d2d5b7cd7b8e855b7ebca14d000967e247e1f65a7c02c67d1cff7a960d5d53ad06ed9852501327e377368108e387ce

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
814B

MD5
0c6f19bcdffe844111a41a29926f3e69

SHA1
d3a3f97bec23ae2d4d80e4b9ce3b1c2a9fbba91f

SHA256
441e4c43f748256c824da68d4afc6ad2c063c026008e11202b8ad32485a117c4

SHA512
39800c7d34db7b66c5a1bfb460bffc2fced3f359d9649e7f724d7fd0da2be2ac46faece4f4887e4417997982529cbe7a3288047d945e376b581d2b9f1548e06b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
814B

MD5
1bc83e3a98d44bcf30b6f8aced3cfb3d

SHA1
d1d6bc24dfa7b4e9c43d1e518dea49cc2c2ea143

SHA256
1d8d2edffed6cb4575d52d2a64dd91e7704f5ed6a1c30e534d6fa21d52269451

SHA512
7639f9b1e9c794709956304993857400d2f3b3eb4c360961c70b4441cd8c911a81a5ec6703314116f0a4c945de56b70f40905d306b10fe752dda94c6633e9231

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
816B

MD5
4c118d3e092e66eb1f02fe1fc0f9d138

SHA1
f822e56804132454a473263b652af0c504a10c68

SHA256
0a28be0238ba0f6087208257fcf07784a9319d37feb97b9ac653b53301ef3088

SHA512
281649a13f9213567d0b11daa64af39bad155bdedb2cece4b3afad2bc934208b2be3b09d57c6bcb437a40bfae31a32ac73ed33213482edae24a87c71785e2851

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
420bd0146869781b91b2299d55d8a08a

SHA1
f3364d3ec187f8edfb9a1d6e1d692c538572fe31

SHA256
720eda4dd41b7d06261a279d659c9ed5c36f8071922320b87f8866c00f5596fb

SHA512
ec9c4fd0f08c2bd18c1d8af7a21772679f710ba39172b1d18e8606a0a2e2358f275c3d853e5ecc97f23c64757064b9f8e3e8644f13b3717a8f0c4addb6ccb718

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
54204eb31691a3e706f23d421b765957

SHA1
a5d76f1df37322bb6c1692ae66f9203f846258ad

SHA256
65cdffc2db896f2a0f49ad21614c7c2e8ec1d630c9fb2fd9651364db4c4fefa1

SHA512
4a200ad122254d644fc53782c486a14f8379246313f33422fbe73e6d1f7ea23bef0f74ee5ea990e675fb4329a4dce298f84cb36a3ea77fa23be68d99a8c3cc17

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
fa1b0944d810929d3f45980d0d09933d

SHA1
38053c4144cb1f6bf79dd7705dd8b0f781a9593b

SHA256
8e1d70b75b682605e713f81d0829fd0ba2a06244b7f48c4458734ddd26382060

SHA512
4028b6c08866c8b2465dc98280485296df59366c4ec41586d22437fb69ad05e46074623d03ff647534cf6ba7bf5ddc8f8eae67470be1b4d6ede70a01a73d0f5d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
3016d73e750469fa1348ed9fb4ff09f9

SHA1
a18799aa9ae82286baf06289033ae947c1f4dcc3

SHA256
8c2431fd7885f81a6a35ba118f9069c082ebbd63cd6df232ae406f4409a3ab5a

SHA512
fbe2c2d16bd297f56c9d0db50b7101ca6b616d3fc8f5adbfe109a15fe53afa8ecf281e8934c18f64d86563528ad6573ae3360f99c91d1b26af85516a989cdf26

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
ba8936d00b1f4e79961f72249e37f18a

SHA1
f147a6e92173f21ade4b331f99cef5f2d462ce3e

SHA256
89274af5c401a0ae684fac9302122d73659ab23cbaf81c66cd30f77565e7ab60

SHA512
4fdd230297387e491f6ca74d4f686f7bf47683ef0114006e403da439325529f4940305a6b594ad24e8476f7f0b1563b75c86eb3d778afda2520095c24bfad8fc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
2KB

MD5
2e600dd8bb9a365d423e1452175ac6f2

SHA1
1b7164b11d39233b919af158128c6842af6dc2d8

SHA256
2d675ea389ac27dda2e0dda9ed4b2bf0dc7d6acf310bbdbf1138d02267642cc4

SHA512
5b2f40aa0e8260f0ad6ea86c60c770b493eafe85e1d66ded7e9df9c26f26a4b90ff8e610661f50f3622b64c6f025379824a3f1117a8adb1c868ac5fddc9e1ca0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
ebd9c625fe10e82c09210764534961be

SHA1
bf43d4d9cca49a5a967ec3832a0f92b17c3fbe54

SHA256
62b7b786a4d13e114473fb287f3de495168c9f0a492c5d67d23ae542b5bc2af3

SHA512
2de22978724cbf8b57097cc40c9d7ab27058d7ee88278d9e305adde50c619fd3ad53ad953c50810845e10d5b5cdb0111c8bac0f9d1ae9655aa2b7e2dc5c21d7e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
aa056c185fb72e507552d45d6b88f9fc

SHA1
086e474cb4fb3695625d721709e95e3521beb1ea

SHA256
61c0edc139416bd8bfd6726f265cb2172efc59073c516dca181a09e3d7beb0de

SHA512
94845e4ae31288e7f56613e54ae1443e6350b1c23425a95ff2e35ae9924d35e635eb05c9fc524addc0398f2e5b6b1d0ae065ccd8d8db7114a5cfb37825f24329

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
85abf0cb9f7370f44d6526ba820d09ab

SHA1
d71a8150a270609008b7cb34f4f2fa2c1478661a

SHA256
33da060af41aadb7bc947b099e4bb525ecace251bfc6ca7acf02fbe9b3984d51

SHA512
1575503171840da3e04456e8cf099c315b7c2f2fc1a744901afa0e404627852a91e584b7f909bfe712f3c9db530fd8f4f39998eee80e1691d7c8205c481c7b81

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
9c4def48d105719b391f38a39149ea74

SHA1
6ff4e7933e2b0416ae57565b58443248a2c0244c

SHA256
841a575ea884b00c2f226f84919ae78b73d86b23aa1b564587947a5470560108

SHA512
18780d8155ca742b55a9b270648161b600cda30a4c9a7f2b98199861e0be4eb25e2ed7c7d9e1843a5f60d204ed44f137b6ad5006fc90918f75b0a90401a70e26

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
7aed0e6d34ebc4e6417c826ebe19722d

SHA1
7a0b6a3017697848094cfa9c40baa6b0264ca7bf

SHA256
d516a0e3c98a27edbbdd1fd9d07d07444dc4e93ea409068ae5090340c04f0bef

SHA512
2a91f738b637f4a162a447e9b5b2d3ca0b7dc0f9e3b13ed8e80a97dd3e0ebf93e393519c35ac801e8fe566c3403af5cc5a4ba821fdad0db684cf8a21a1896466

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
d90fcc7e654f1e885e971a673bde8159

SHA1
6f4e23e55d15947c1ee01a861e4461598b31b412

SHA256
8cf4a3e3f8efafaf8114be55853886b5dab203cdf838914440eb51c8728cb3d7

SHA512
0b8fd2a8062406c80799fa5e60c9dd43b7132fff9d0fb8493eaf4be51905280a902a0be0fc6cd4bdc83949ef8375b0c239340b50727f696b87448d70e1160b4a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
feeba30bd522468e7afd8d675aab2f12

SHA1
c80bd7e0a7a6b23d5f476791643e5433e7236381

SHA256
947d13adea60a543c64b693edeec6cbe7d6795f14bae4187ad6047cf5579ab7b

SHA512
25cc3e4a54413c263739ac8547c73f1bc8034e1a60bdbb6a6dc1b18e44914447284fa1fc78429db6e34f52bf6091b12bf836cd54460e689da2bc489550b16f60

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
7645bb66714da5da5a1a8faeb454f6fe

SHA1
5ae9ea8709b6e87cae121d4bde54e4ae4df5910b

SHA256
f895680b1d5d7d64eefefcd9d7e6f3339d81a37cde53d443069320ca1c99d047

SHA512
b857d217ddd52700a43ee8b441f233bf394a8869a0b21359a92adc40b84044e3793025688d778a3898a82a29290a95a69be6b08c14d11967e7e46bde9f3f66bd

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

Filesize
11KB

MD5
23f13794bbfc7c3d813931f5a3ac328c

SHA1
ee7df1581e80d1dfd7f8a28caf8ae8b83cfa4ac8

SHA256
e69b4aae62793eaab7c75911d940ae938090c95f80ac06dbf1c3499e9b89c9c5

SHA512
1bed99c914058272ec4a3696e2655aa1e770c0a46383e1237af21f8825460e294a355c6c9383a429b8fad201e9513e2272aca92374fdc1522c391c8e2d32e4f2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
a99b9be2f4bdebc3e3030e2b54bdca20

SHA1
44bf4701885179c33ea0301b49decae6b557e018

SHA256
81f47752867229c37c9eed3fb4abb88367739bceae40781c97767de6ee053762

SHA512
9aef62f52fb7a1e163f0b2a15f82da54fb3001626d398152f38f0f67774f9bfe9de2b9daed070a96d60510d5edc76b984e11187a2655d415a38e0773ef9df7cb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
b6be856dd14a0687513875b899e1baa9

SHA1
c887feb11cc847f88e9576b79b10ef41432a80aa

SHA256
279f322cbed2a25a417e735b105abd6a1139306572c84c71e19a24706a8f60a2

SHA512
77204ac4bf325f4409090957b1b8738517174160448c8da22b71c9809b368407f1da4965aec6782dad0c9d20be18fc22b7065ff0fa2885a907934a0d30764227

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
f49a2c30fa6e5294b31c05b59047ab63

SHA1
f49e2e8a392686e89a2524649ff4e892c1ed3c7f

SHA256
156c3cb114c806db45d661f4d29aee24e9fd048c6db24252ffc7ac0ddb471bd1

SHA512
d38da02201dc9ca28cf902ab9bca0c5876a5722589aff911ac084e7072d21f304954cec74f2a04ee535d355f8c589ec800e642664cac802ff146b4f263d70c02

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
4b9406eaf4f693c8e4110bcb95ea0cd6

SHA1
a3f26f3909dc7122c8d31723d56f9d98b346ff84

SHA256
2110ddf0ddb4a2b9207b4365e42c7f094c7cc57194bfbee99754e5f93394feb4

SHA512
0c0de39f55174a9ae5586c514be3e3fa9e64d20b0d41ad4efc464e60732a04fb931d8d4aa932ebe7865dbbeb713bbe1bc7e82c4ea3f211c55ab63cda2cf0c5b2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

Filesize
1KB

MD5
cdf3b50d9bb4677518b13a4f50f8e969

SHA1
f3ae7e65331dfb97441815faf8f1bc6fc4d27ed1

SHA256
fd75d6c5e062bcf3894d0fef071c8e646147fe11141a188411b6f7a3615f9f74

SHA512
b6bfff76b7cb3e47cbe6d255cfc3b1cff1590968f8e03996266a0f35fe8a1f2c90344fff1804d9d44b955f842b944be2a00a8dbc8b3a95dc048c6297df69c87a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
bd7521323c1adcebf5a0348e4e946af0

SHA1
d8032e2e6d8bdccb36e64c4bc06735cfc284d4bb

SHA256
b5359d40ae67d1f1ce209c385696dd4a353dc210b319d3cf0d96967c9beaa70b

SHA512
f37c112d5008e4c3e7479ebcb464990a307d54c9119eedd5a952edffc3946974920acd9c774ee16621cd9cad0c82a223926e3a2077394fbcb627508fe3eed5b4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
bed9365095578ee3342982eeb65d2391

SHA1
b7cd173ebfb156140c709dac554eda290d18c7ec

SHA256
c77ffd43296a9966f2aa6f87320873532c078c1165cc18c18a6b3d8087abf119

SHA512
a42c8b68854a6092b3c20d795bc1f5fdf3fcc3d11e5a7d28aef5b281937b5a92ed46a1316aef692e22f5159e86d4aa2a210f50918d28660d9eaa6706d0d47200

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
c57a9d8d70d9b4232469893866c69cae

SHA1
74daae0297ded262446b98984d1a31415f80efd1

SHA256
a3b0fb7dbd76209f1557e172c6a5617b3e16106403b476a64d922899dace6be1

SHA512
8308f9148e7d5008078c1b54acce9bc6d1719c7afb680317a4ba964488c81bf0482762669904640fb3cf7df31e68a1be2d40e08599c57932f0e841e10476647f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
20f7d59d3a7da51fb9c6f86515f96b79

SHA1
c8a34735cc9767f41db5da33b7ccf490b8b30942

SHA256
c9a151a26cf2962eb4e915d5b99c532e54a506b029d806294db5785c129f0f44

SHA512
d4f90dbc5f50288a192a9811fb3bddab12b1f0d6338c9677d1a8745017a6250e1c2d5b1782cb6def549d17058b4b5a26e2f4fd1fe03bfce1b62489993912adb1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
06f18e40814f9e4604f7475e261b21d1

SHA1
858f98c3b29caa3b1cbe64061c5806c6adf21e05

SHA256
ff8381e15d6b2d6f025e426d39528ac3ba7ea4ff6ef11d81b9cd2b44cfa4ce31

SHA512
759b043e66e5e62528d13f3ad2d3fae7f589464e7972909d1e33db69cdf0bde426e18f2c8cd78ca3a28c9b863ea6460a2bd05c498fe735d2c8e7fbd775b2fbba

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
55a4058ae0fe77e12678317bf4b88697

SHA1
dd0621d067ba3f03cc4e75e6be3cfde501042245

SHA256
70327a6dd7bec00c9aaa38130a8bd0cd6b77975e2297c019e205fa1c8eb9efe5

SHA512
eb8bff78343b5ef2e189332054ade8f61a1d493e0554abb94fef0a4ff9ac160c1ce3ae08a8ad5f525105aa253aace9d9d1562f5222a65220c863c431b61530ae

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
3ac7bb27eb3195f9f1440466e76c7c6f

SHA1
d37dd9cdaf7d4600f11bf04a72b458b2b71ecb6b

SHA256
bbf160f0dae3bea63b459242d3cad8aa18847d697c74a20853081e78331e2af7

SHA512
f1590637eeb9796dc74056b2024c7cc5bea01a0edefa2ca514c796ffce0dbf864fa846286330256eacdfb343323325c0d8ef1e0914a1ea7270fab2ac5b797d55

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
84e2b575a46f33f0347d638a39a28491

SHA1
9f4ed524063bc847ea25174a2888c3e94164c75e

SHA256
37bb6fa827e9e6956d9ee69e58a732a42907dcea3dfe391c94c5d4c039d5d564

SHA512
3b42742ef38b7c51b7f84c2a17cdb4310d461e81ab2cf3c1d06d8162eff9744616349752bb1aa69e3516ff60440024d307c8a45ae99d56864abe383b53d0fb3d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
1a642bf50d2f4bc1e832cc12eeed2634

SHA1
6013d7a0cec6ed3adebcbe2a91272bf6a4f8dc57

SHA256
aecd4796e16556ef2042274f39fa21ab23aaed801aec830501770dcbe74cb9bc

SHA512
5d60aef949aff75e2a93354f2cdd53e7188790cb729bf94a5f1ffd58b676988c7014a182d34ab0b31da418f4d9bf30aa8b752d7eb0bdd9e7c633b5fc116b428d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

Filesize
1KB

MD5
3c9d7fcb753ca54a73148c5d88b9d9fe

SHA1
4b4eabfcaf155bffaeebf1ccee68eb3043fe55d3

SHA256
85110007b3d811edd0faf480355fbc15cabc1782fa55ff739d6cc62514e6d478

SHA512
f49ce775ee5a1fa64eff8b1180835af28164fccdca0db8a838b46fafa9509f91c9edbcbba0ab2c4dd9778bfea187d0fe1d17a7b8271e2dacd039a7231722b8ab

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

Filesize
1KB

MD5
ddb63410abef48b9d567e80b1b5fac4b

SHA1
83de0025313061555418680928ab9acc62727a68

SHA256
18ca1f6ca4062c4e5417c0eea411bd36e6197a38e767a870b0ce90d859b22c72

SHA512
2c5fd281bf37be5a76b199c3c5f45e28b07dc15257aa8fcf56bf04a862c326df48b49349af9a10ec590ae8649c4a41d22ae7f7fb88399b93e0a9e9ffb9a63312

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

Filesize
125B

MD5
f72057c4ee12de2fa83a581355bb2b0c

SHA1
2e1efe953e808e9581f5b945aac880c8176aad70

SHA256
435ef58bd6ab92e909bbb0b2530b6569b41ec8ba36e334d5832684415d7f5e72

SHA512
a8f4c0d8cb07cca2f31a7f1b8502984a80e1e320112faafeaaeb638ec4c87311f85a3b4a6f0df062e38b341932202dac6dca62e861aa88504ea83f5611319bb7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D28.tmp

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D35.tmp

Filesize
504KB

MD5
b5d0f85e7c820db76ef2f4535552f03c

SHA1
91eff42f542175a41549bc966e9b249b65743951

SHA256
3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c

SHA512
5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA8.tmp

Filesize
68KB

MD5
54dde63178e5f043852e1c1b5cde0c4b

SHA1
a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd

SHA256
f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d

SHA512
995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DBE.tmp

Filesize
1.8MB

MD5
804b9539f7be4ece92993dc95c8486f5

SHA1
ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c

SHA256
76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b

SHA512
146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DE8.tmp

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DEA.tmp

Filesize
116KB

MD5
699dd61122d91e80abdfcc396ce0ec10

SHA1
7b23a6562e78e1d4be2a16fc7044bdcea724855e

SHA256
f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1

SHA512
2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

Filesize
4.5MB

MD5
f802ae578c7837e45a8bbdca7e957496

SHA1
38754970ba2ef287b6fdf79827795b947a9b6b4d

SHA256
5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b

SHA512
9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

Filesize
5.4MB

MD5
956b145931bec84ebc422b5d1d333c49

SHA1
9264cc2ae8c856f84f1d0888f67aea01cdc3e056

SHA256
c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3

SHA512
fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

Filesize
336KB

MD5
c41fcb1680e527dfdbabef8743152dfb

SHA1
8926a9d29ef4cba02d03c1056cd938e102404547

SHA256
14ff901dfbc74109e285178b3520e03ed46206fbba3ea90ee56f91d2a1b0b6f2

SHA512
a97f3c1750fdecff5cd888eb051f4a986f2c4ecb4b629fdf9b5bce67a1c47cddcb63d7d9d77460e2b66f88e79f70e8818104e4f763176e34c2404dd2370f7548

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

Filesize
9.8MB

MD5
35a12cd6fce63aede783ddfa7cf91153

SHA1
b6618ad2eeaf2d26b3d827eca2064d1f3db099fe

SHA256
22478136c8447617328bf454fe82b2e2edeafce57a33d4c12582e87be60b8737

SHA512
8b65afe674d44d49ad11236641fd4b0bc67d16d5fa34ba5937f42d7968c8bb2e4f34018f6d4c7cf15ad37463408487dc826e5680de2e12936c9f483081ccb22e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

Filesize
935B

MD5
de80d1d2eea188b5d91173ad89c619cd

SHA1
97db4df41d09b4c5cdc50069b896445e91ae0010

SHA256
2b68990875509200b2cf5df9f6bdfcda21516e629cab58951aac3be6a1dd470c

SHA512
7a8f5f83552dbff21be515c66c66f72753305160606c22b9d8a552ab02943a2c4e371d17dce833020d2779c6d9fe184a1e9ef3d1b8285c77aeb17b2bba154b3f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

Filesize
16KB

MD5
5c18f0889378ba518c241b4324602eab

SHA1
831edf637843f141575346a7fed90d6ebd39fc33

SHA256
efb17457040b2398196f8c8f3e6a41c248c9b3158fc1402ea20ff0a33867c7d7

SHA512
dce90d38d91b8f40e3bf6bd50291a2fa0537d04e6ce71b054c234f32908511d3606613a99ba564756531396139654bb57f1946fe0a43e40791f195ce251df0ff

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

Filesize
924B

MD5
d063a24a38d6875bedfa1f42492e1aba

SHA1
d46b3d7512b3044fb0ce8f77c390c82f0f2325c8

SHA256
bd03dd16f41d5e297f001751dae3615153e10688520f3647da14719406044bcc

SHA512
2d54d672cb9e77d1bc72babf2a4bc8efbd611d9723158488beb083668db3c0b94dac61b0d17522a5658316436df4390419c81ee35920e663a703c60b7c5114aa

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

Filesize
1.8MB

MD5
e19dd0f3c9d4ce5cb7311c3a1d65962f

SHA1
7123244e7578a3f22daf17bdc882025f3b084baf

SHA256
9f21c48b12f45d2f3b34a3326b237bf673de01b7273c2640ba7920d86b35852d

SHA512
bd32a1cb3a7f0d72021fdea0f483cfa377176a99e0550f037817607f9f88ba89b4c0ec9ef84a7680cdb633c3eed4f82296290df53950747625dba6501c11810b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

Filesize
514B

MD5
e9f8d0933fef7240dec29da26fc0b345

SHA1
0183432e1cc7048736165d02c2513cad5f1e9770

SHA256
72ecce222c2d4e35bf84cdd705e57c7fcc9ba11f33877422095034a49f84ab85

SHA512
efdc76dfdd6e7b643eb78525b31c4d701a07ec851985ac9a0ff8e955c9615fa8dccf5449224e4b751661f94dcd7c81fde09081e05183d983fc24aaeb0b4811a7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

Filesize
10.0MB

MD5
40f6964e9a1570771c66a22f0f75a7d9

SHA1
6909f018701f0e8954be229ea11b2270d31f7b35

SHA256
0b98cfd614dff10327595817a34e633809c1b91e985932747ea3516d9bd39ce6

SHA512
0ffc96c244d183ab15846c4363cd923ae20110a66104345d9c83a28a4d384ea243b9391d0d7d33d2186f856add4c6998f730b989cf55ed9585e9b7e4694fcc54

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

Filesize
528KB

MD5
ac9b550ed5d28232779eee526b45c595

SHA1
37f7944a97e5c5800330fc614a0d0eb3aca9f7dd

SHA256
28e9e689f703978bc1f90a15af3c64f78d52f23d70f3e48af304290791ce68b0

SHA512
731e7788f352e1a447b80a1cfc4e068f4c03e4f7583ac10b5c2e5b39299f03bfed16d8ebf84dbc48b4903f8e6d7ed1668ed53a48994d7fd631c64be0408b22a9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

Filesize
618KB

MD5
3d4f144c89f9c86ec5b1bb90c6d44386

SHA1
fe020dbac8b5963163394bedb6640c7bb10fc936

SHA256
7d7dcac7065fdc06937f1ea88079099504ae5821fa654b9e7b7b6257dd8fc732

SHA512
485eb645247e928f3d1539974a97fd8e35113ae4f49b556ff659ee245c1fc1aace625931e567879ab7db0986e98a09a0b1c86b74ea1cf84496393325abc87191

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

Filesize
151KB

MD5
35e25bde62f47f52db0ff758a20b0e3c

SHA1
f21fa25fd170d03cefcb50b115c33824d11dfa84

SHA256
8c3637b42cb801614c28a291aa7bb47ad354fa78866f6d74f11109364e843947

SHA512
085c3ea88137c37593fb8f0e89120ae1fcfe7b49e8726ccba9f7fed5cba777aa26564659b3b6ce7175ff0d5894ae4cc848ef55c96d528a95008dfcf05379b391

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat

Filesize
26B

MD5
ab58595eaf90064bb8c21ff522ad7d80

SHA1
21ee4bc7a180ae75e4d1ad34006fa3ca1663f9d8

SHA256
3d32b9b12594c9ca3b9527769bfbd0ed481ae9fe058c766e6ce9d14241d4c582

SHA512
2f27ca44124987b4fb0ca876102840205d247ff8dd76072348417f5d3aa8429b2ffe77c372fd4beaf149ace8930bdb1a9dc8535916531de56b10f858ce683330

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

Filesize
21.0MB

MD5
8044235a8e114a1fc93a689d053163fc

SHA1
6d8fd99e7a14b99ad540ba001be325af2b811301

SHA256
6b4880ae8473b01ad0366a9fa5b355b12c56563b0b756b8d6a0a2297c5b10bb2

SHA512
22437e1fb04de979b3e6cc8c44855ff2db0a8e56331415c4701cadd36b52e164237e58897ec435b5009787b3e4612419b1b46a56e13ed821ddff6ba21d93f8c0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

Filesize
75B

MD5
8a546dfb4addb85e1458529a38673041

SHA1
130a054c221b35e1c3fa067ecd6b6d4c893420d6

SHA256
e1eb69bdf3c9a9be4dc386584d2a51b0eb6efe38e6def48458661d1f83c33c54

SHA512
825f8def1d9ffa34f98b61902b8af1b71fab8fbe4528b135d812256ebc73dd3a753ee3a7eb1100f27db9cfec7cd5923904f38483662291e5db73085a16394a22

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

Filesize
2.6MB

MD5
52c4aa7e428e86445b8e529ef93e8549

SHA1
72508ba29ff3becbbe9668e95efa8748ce69aa3f

SHA256
6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63

SHA512
f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll

Filesize
473KB

MD5
76a6c5124f8e0472dd9d78e5b554715b

SHA1
88ab77c04430441874354508fd79636bb94d8719

SHA256
d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d

SHA512
35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

Filesize
5.9MB

MD5
13746dffb89736278050420b8b3b9d5a

SHA1
caefebc81f8121b14833f2003d7c4ead16a1a0f2

SHA256
13540aa84ae9ba500f26790d97d5a78440de7cfaddf9ad4bfbae12c12356f95f

SHA512
607d2d64e83030dc9cee905b8c9baa9666e708ec5963c63d2113d5919b5d4bad4c882b4a697f94cf80c2fe799b3db5009016203a6a83a15a2854f7a644e48eef

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\3c1815df-3088-4a2a-92d9-b0fd23cd17df.tmp

Filesize
63KB

MD5
606fc01417e332f719df7c85aa75600c

SHA1
ef608f6ad163fb6de1f17c996d529b1b1612142b

SHA256
9264774d4332d72d73028196fc029b06aaa3911c2c7f908f9741ab74e4cba6ba

SHA512
a78a97df2842a3cc2f46bb2a45c259e4e55153e09cc6e05c8d0b62aae6a2eba46acc7014ba44e3ccc3d73b3111f4a08e6222f09f392fe9c4ebd7e9c28379e00b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
78dd083e4a8471dc1ce18053da06b04d

SHA1
f51d3d5898cbc5295039e1c5e63f03341b165f2d

SHA256
e92b0647974dca09acba647f508da9f7387165a839f09efca793419b1469e96c

SHA512
99965b2638a82252f6f2e4b162709a3bb45406b4ea4d8a2153c339b7b10f9b4ba764111c269e6e92ebcc7e1954eff02c1260a60313c8646c2c72d84000ed9585

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2024.12.19.1218\Preload Data

Filesize
16KB

MD5
3c97222c910c2aa1fab0c39a1c8d2b11

SHA1
c794a8758b4fa74c7aa9536effe9bfa774822e7a

SHA256
c7b91efdd09d75b47036e241eb55a238065ace2c26cd8f31328e8a9f4b4102b4

SHA512
3220065c655bf174c466d9ac03d3040e419f30d081983c23a757d2c0c5e4720aed2c71e88befc0d8b6987d6abd6a25289731d7f4fc9ed6348a1d762f67032153

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\00738bbf-c650-47bf-a46d-22ae6cd2024c.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\64558a68-1ab3-4e0a-9f32-4049b9c8bc30.tmp

Filesize
17KB

MD5
62e047a704be06105ef7bb04e72c2329

SHA1
2614a0663838ac29239d47c20bb6fb37fa5790d3

SHA256
c27fbaab9e15e7bd7b8a4948557ec870aa359082f7a4861d1c55c6317f8ddab9

SHA512
6e4a9e8882d7bca2a1535dfe949683dacffc3f020956033c7755b5b35f7a92f646398caa0efabf2f9e7b156b84cb4f24eca47efc9f78827d284248abad06fd82

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
125KB

MD5
36e0645bd3392c55e78f2ea848fbb4e8

SHA1
26c60221905666dfc8002072a0083a1f06cbd8c9

SHA256
bbf5ef817d938f8bbb1bada103e55f96170f62fe6cf7b54b4019071e7072ee15

SHA512
404f91a851752fa3e2a6a70be6b341b5fde778d3b2e9134c69da971e00c003c7e9d309f4e681464a2a566aa8e9ad18bba158a2bb10cc1b320d448037da74c717

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
171KB

MD5
40c1320bc877bf54deb60155e22d608a

SHA1
c4735517bdf6903f80e28d80fbae2c58d8e105c7

SHA256
71e7d96e0b15924a58f28b82f88627957a5ea25f7a23930c295186f3412cca2c

SHA512
d52634fb3d303dceec351f3d9dcf5e8387e9b2c1fd4f7f07ad25a557cc1ca0c7f7ec7005a62ab235904596770152bf63ec2c0bb0e2316b31cd330d79818823a1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
19KB

MD5
d3907d0ccd03b1134c24d3bcaf05b698

SHA1
d9cfe6b477b49d47b6241b4281f4858d98eaca65

SHA256
f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f

SHA512
4c5df954bd79ed77ee12a49f0f3194e7dbf2720212b0989dad1bc12e2e3701c3ef045b10d4cd53dc5534f00e83a6a6891297c681a5cb3b33a42640ae4e01bbfd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
19KB

MD5
0774a8b7ca338dc1aba5a0ec8f2b9454

SHA1
6baf2c7cc3a03676c10ce872ef9fa1aa4e185901

SHA256
e0fd57c0d9537d9c9884b6a8ad8c1823800d94dcfb6a2cc988780fe65a592fe6

SHA512
a0066b2a6b656e54f7789fea5c4c965b8603d0b1c3d0b5560cfbafd469a4cb5a566c143c336bcbd443bae2648e960aa0e635770e7c94d0cb49c19326f6ca7b69

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000010

Filesize
19KB

MD5
bcb7c7e2499a055f0e2f93203bdb282b

SHA1
d4a23b132e1ca8a6cb4e678d519f6ae00a8aac58

SHA256
f6537e32263e6c49bf59bd6e4952b6bf06c8f09152c5b016365fef70e35856cf

SHA512
89e5e40a465e3786d35e2eba60bdc0fe2e5bd032dd4a9aa128f52e5b4b9e0871c4c4859f5b681c497fe3c9362e24827ed7cdc55515e3da0718f5129dcc82fe40

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000011

Filesize
173KB

MD5
4a8c93f2cb84336bb11796a549941d40

SHA1
78cbc69d480b07951b23865e27437a565822afc8

SHA256
7dfe96249d73eae447d1edadecd5cc098ab76099647c9e2cf8f3b616d5fe5ee7

SHA512
dd9115f956d945e3d34cf85cb4acf326c37a43f7039ceed076e24077b31bf9cddcf5d92aa491ddc4b5bd37134426231b70527037f76420c8bae9e9700df60e8e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000012

Filesize
120KB

MD5
6c2918af41500d21e282f720f0b2e364

SHA1
7c664d8e579fddeba428d0374daa7576edb55af7

SHA256
2d71a55f5dad7cda17ce63dd9d673c81550681f90d9c059ca23e3be81967c602

SHA512
14859485890626032ac253f7d00277675aa460e206ef537d81ba8cec9fa26e90928ec3c6c90ca5a3977698b45f2619a8c58cb8dc9764cd3e2fb27999a46f2b1a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000015

Filesize
18KB

MD5
a90e737d05ebfa82bf96168def807c36

SHA1
ddc76a0c64ebefe5b9a12546c59a37c03d5d1f5b

SHA256
24ed9db3eb0d97ecf1f0832cbd30bd37744e0d2b520ccdad5af60f7a08a45b90

SHA512
bf1944b5daf9747d98f489eb3edbae84e7bc29ff50436d6b068b85091c95d17fe15b721df0bff08df03232b90b1776a82539d7917599b0a3b2f2f299e7525a51

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000016

Filesize
71KB

MD5
911a0fb8cd627ea7fe8dd74f91cd91f2

SHA1
1d9c453dc305fdc6c71c3be545f78261e2b9f8e2

SHA256
590d3fc197734aac6bc26627e6cec322556ea366ae58ea2e897289ecc3e99196

SHA512
acfceda5ae8a9f7e967a68c3cfbb686def7897db37f74640ba6e7342603de7c14096faf552deae296ec6f892cd626cb8e33ccbd246e5d20da75d37ad3ccf2210

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000017

Filesize
54KB

MD5
9880989851fcd47652a37312edb17547

SHA1
fcf275884bff18a926de0bcd46c6bc8918356d86

SHA256
1fc4302f08484cb4df0a32e6cf6ce58cc057de2eed9c645cfdabebef1d3306d1

SHA512
53be2da27a9c74be74a9bdad217c8724affd822a4ae7980439f124d1f8a3e1125b8664e16427308e423a1aa05d83a4b015201ddcd89fed09f9d83902b27e44a9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000018

Filesize
52KB

MD5
8c9f5d592b2671b4910fbd685ae61401

SHA1
2c38e925773617e94fb911f4d1573bd0f44d607b

SHA256
837bb391f879a1edd4521ce965b614bb760c6a2eeacde80329a57631196bea73

SHA512
458c84f09f7473cc56928085cb0325c893ca2f923e921eacfe62b66d4c926b3c99e1c10c8e17c30e00d4d538200d99a6dc1be74818bfa3c219b28714caede9af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000033

Filesize
48KB

MD5
dcd68ffb4cc4fc99fee28e03f348e700

SHA1
7495d613e76687364734ee00e5e558e7bd47718a

SHA256
f453d7bb5a2e85607c6352d45c7a5be89c3baddd0e9a13ca99e42a27e046ae93

SHA512
7c1213d759fab99c6de0a8b07f0ae8c5dadbdd3c55ac466e5d3d272e63335657f8fe003a9dcd88966b4b1c9a7e1bba14f0cd0f11e9edaa1ddd1085befc5ca838

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000034

Filesize
48KB

MD5
414d0f7c715d86f112d8220fc51df82c

SHA1
df95944e6b349996a546054a4ad18b0e06fca774

SHA256
b1fc9738970b7946c95e587842c44cad8f82bc593006a87b9faa3378e91ca96e

SHA512
580efa13fe886f4e4531356a970bdd9f66c5a714d4bbac416dea39faef8a15b03f41813c5a8dac2cd080a4630adef6f4078cb49ed4e52114966abf751fe3e709

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000035

Filesize
48KB

MD5
e0da1149a18294ca6599bc603247e553

SHA1
d6bf375537ca4b4098f175a81cc8b806379f20b3

SHA256
a3d602cb463bf851d1804c5b7fb88ea6884b7ddbe239c31789cc0c37fb81ccdb

SHA512
a8ed81f9adeeed1c6be50d511bb6c5a41c4916533c88d71ddf1e974f312af2577133b71b3f70ee2897e384a972b06df540e2fb628e6d36e46b211ee9bc0936f4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000036

Filesize
48KB

MD5
893d39fba0810b9b82a59d4e8f56e918

SHA1
1d6a3572ec093c5f50aebbf57e0c83ac84451721

SHA256
7ee5cd71bb444fcc52f4d9870470c9765f370af7d8d56112316d1da2c365096d

SHA512
9b22a29ac6ffd3fcd5ed571566dae46248a19d986af3477ae38821e9796bceadaf239f436d38f455cf05157cf3df519f216e41a894600f007474486a107a6a7c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000037

Filesize
48KB

MD5
1aa86a0ef4a2444198e0e039eafb0a94

SHA1
ad2325787f0949da71cf7d8ba5745ae73d8b9269

SHA256
236cf53b37c32b638e679825ae6c3a10519e9a5686205fb0dd02739581a5e8ff

SHA512
7874bd057d0f89bccb0a15d09a9dd2fee981f86a7acc441fabed1b6f27dc5ff4763c9957ead9235fb861a07b51f13bc898ff2191b8655f53e1dda6b6760cf6ce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
117KB

MD5
1ce6db7fa5ea16a1347b00be34a8d958

SHA1
113ccc3f316a57131727e11c7d46a0ab1263f55c

SHA256
ed817586ba7449f8b594a2b60b839fcf170f24d1b3a073f37af9d44d5acb65b7

SHA512
5e1a7b66de7b1ea0abf378931579e207c5a3e731bd393ba23f5a3464783d766e47b3f9e04d6026dcceca4299f167a7d7d21a369f7bd9146209d359559d7fa377

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000040

Filesize
18KB

MD5
4910a54207e1bfaae5fb9d550027b175

SHA1
a45390d59871225f2ddc126ff1b728cefa26ffec

SHA256
5d9be9d7f8838852facf331b3453934ff129b30c3731626c1c0e4b507f30cead

SHA512
84c43a51b1b9b6948e1f11fd772d96ed41c60a91b11c3410a6035acab067407c9f788b2e76eb01e3e866dc11b63616d8172526fb46ee12219563541ca56bde03

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000041

Filesize
21KB

MD5
e225a85bf327519d4cdf78434bfb380a

SHA1
414de973475520c6360dc107b810168e017ed653

SHA256
c1b26ee1e6a802fcf572a1bc63af0cfa9db0793a95e90345b5931782b9d02b74

SHA512
5b4f1534afc2371e1ecab1dec9cdfd61b8e7ae1d342214e29f1e7b8bcf13fad03141d9cf484bef74eced522a61259c96c3d65f485015927baa251aa5890b2fa8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000043

Filesize
65KB

MD5
02741f580a37fabf22d0e5092bbe29f0

SHA1
a43bee32bb6e94c5e3ee25abd577d002db19a22e

SHA256
8613d8bd710d92136031e896ef0c8bc8fd64613aac35cddab1105d09c348af50

SHA512
2a2239b90bd84b981f91be417d0876dc102f0c971c63e1385ab41f712178cb14db76cab7508be47e403f64249b13b7e8496f0e071b728eb43e91204f84c962c3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000044

Filesize
31KB

MD5
0d9f629a193db9d013baa8cc30a729ba

SHA1
3f6d3d4d7f0f8082fcc8580859e95ddb659645c3

SHA256
0a92ffc3c817a9d4ef70482305c05c12f83c39902b4a8c73abbfa1a4c33698f3

SHA512
5cda1a6352838316e9d1129f28ea6192ea85e756adadd3d2e0ade317f5ca2c09ad356d38f6cbbf9d5ba1d2d0a16da3aba72b4ebbaf3faf84d377ec4ca5ccc997

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000045

Filesize
60KB

MD5
caae6947074eea55c3aa5f2d8e6d7c94

SHA1
1cb0651fd7947e81d063b8cf0ee970c5b69401af

SHA256
b75a66c679aa638ec40739265063b92222d1d42341eda62c72a7d2569a8369d4

SHA512
93bb2e9375fff91760b02ee2cb0f62a4e1a5bac9190652468f52fbd90c6462471355ca4e965887bd5e3952190e62f970f1dc825b84061a62d00747ea1fdb5c84

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000046

Filesize
47KB

MD5
e50f36d3cab0dfde62c1c57b951dfefd

SHA1
ddfd78e360736f71676759f8d8ae69534ec64d44

SHA256
337549adc4ab6b4e1a831e5ec1f79400cacfce80151c195d77d566e4d1bdf8f1

SHA512
1d6cd6d843e78f02a44a087721f25940ccaa276d296f8e6c850f2f3a16bf8885d2af5cedecef6aed30a8b6609930842c98084feadfc85ec0eb028c73f1fc21ef

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000047

Filesize
37KB

MD5
8d2397d1721758e5b3f16855a5b59ba8

SHA1
1ebadb67e90a1e35d333d969068fb45481db065f

SHA256
a5d930fb9951e4f30eaf140d04ab1cee09f4ca98485d1d0aa486c74a6b931b01

SHA512
cc69991f28dbdffc57a40c15383c8437913d6e3eb3732673d2a360f88ce800db3a46d74ab70da1883a981debc8a739f744b3891201a0d1a8b5f8b6072b9ba889

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000048

Filesize
115KB

MD5
75b6fa294ed99195df7c8fad20ca52e8

SHA1
b33d2798ccf4ee5acccb95403f9a33c0bf658c4c

SHA256
3f939bbff8a39d55c428c0471a37698e4d21a56d2b847d9d9198189d5f3d3be9

SHA512
01f6901fbe64b80c9c7ca35bf08f4260788bbc23f27a42396f41ce29c8c3693e40de4b8d3339aa14746b2a7663ea928dd2e62ceab27a244b7f2e632f5c130334

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000060

Filesize
70KB

MD5
eb1b8cbab91475aa4d903f5d58fe2822

SHA1
29718feee93a3b7c78344fafdf134055216e8826

SHA256
7c178ded8a4f0c9213bfcaaae3d192a703444247ab3229f6a3bcf6679c1040ef

SHA512
b9b72c2cc1261ddfaeba185a8a478350f6a3063014130a8d0808439a9b2882fbc9438f46cab6c2cc0622d8493883ec1c6557257bd054d4381f5712a114a61088

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\CdmStorage.db

Filesize
160KB

MD5
e9fcb41b1fee21cd572a91184c8c23b8

SHA1
699099abc30e0d96c364a68f967bd2e26a1535b7

SHA256
68590788b1ba533d2f2ca85f81dc711238a37a095722823f5651177b38fc2b61

SHA512
30393a706900f3ab4f16ff326a7a9da68863ee254c2c9bb5d8bcfc95239f919b8bb3c392c064c1bfb86c23344769ded300f2c11284ecf89ee8a09d5284f968cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8004c43a3b61615dde7bee0a6d9318d5

SHA1
c18b5cc479c8702432cc0e23f4fd18157750b622

SHA256
cdb7f80afa9be73783c9a306b66b1f466eae60480fbece85cb60f3bc4434a449

SHA512
8c2af4ec2610dbcc77186747a22c4cc2105d188c9131a78dbc49e6a5568d22e25291eef1c7949d4032045a76ef39c3c115ee44bc036f7017c22c3f6a81b3d1d9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b65ff9d69ea7bd34744817102113b4c0

SHA1
56ab3e3fc62787cc0e58491b9a03fa75999a65e5

SHA256
8d632a3337b74ec57dd818e46b6ceb97a9d579cbfb8e33f3fb4e0f9b3b7558aa

SHA512
176e272a9a2d4644cb73e271e539bf425dab54520ed3b283d1948fd6e8c188ad686bb4637716135275436d2d84e6d798871923cef5bb8d751e7148df2047ddba

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
566c62da634fbb943511e96779e75285

SHA1
73af751be15e9ceec01fa6c3d79a9d69734aa4e5

SHA256
887f6f770f9512e168caa1885d53825e5d0db1adc7521647224216e47192424c

SHA512
93e821f040d5e1f2350a9f232dda75e92e77ecaeb00b892083af073ca59116ad9b5e76d171fde6642c6003c07fe635311a69be07daf4230c8a402265960ad965

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a82f1eab46102221434877037197f54b

SHA1
45aa864cb6a4205b933c617b68f8f630a53c9f06

SHA256
fc6814520c81e55e348f6cf28caa341c4ffad09b6d137380cce88d2669f92531

SHA512
21fd4c866fafd3bfd4ab762f44902c3cb3a9c7e683c367bb8ecdfed11167956cbb94b3200fa50207504524414721c6aa71b5e35d32a54a6b7b1265b20f19d5b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
151360842f8d010fb62b98779b2f52c6

SHA1
d5edb744c8413980c835e0c8de44f87904aec628

SHA256
370547833e3c97eea00177f0af18189bb59e973480d14fe089ea03f3c24cf031

SHA512
cc59bfa6a153985d1b5f5d05e8c8dc411f1f13fd08ecddab3c860a907fb31ffa88586b37bcb0e34df00db60ff344ec9750fd08b41f88d6c08141e4f824860e7c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cb656ca5c682808b2c799dbea1ac364d

SHA1
9908802d9e293c07c524a1979845349c8321d4f8

SHA256
aaf523c6b64ecc47847849091b344d80c84f2b03d81fe325197bea064a58149a

SHA512
7d88d50c6474bee71f23aecd07a362497064c017f9c9e611b19490773da3b9d9e93a6d1778a88349d6ac08e641aa1aac2841edbbc5d53b989f4a9c2ce57385cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
74d1968f8e484019b621f36322046ff1

SHA1
f22d3ad22650e42ddf65f1b5ed1e5b20908b6e94

SHA256
215406b0e3d26f1eff82806cb1dc51c2cf92e85375abf866ab7ba3b8c144ff95

SHA512
dfad229c277ffa0604e49b3d892b6ffea318e77edee9868262fa967826ac59a32f8debfaa0f35d411e5f7371fd52b6460c6836519586a51bcda5bb65680d826e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
23e2ed87b449ca606e6a6c0aa0fb9c68

SHA1
3b688ad08c9ae3fabb2a9662b76056a28b9d5071

SHA256
6079c2dd4d48bbc87275cd9daba65deb91c12b53d48acc0e09453c0fff1c38f3

SHA512
e32785f1852e4675ce3e697f388dec556ab4601700adfc1246e78d9e6a9ab0a0d0787b18d4f8ffd6a3731c85f78f0a7eee0d7dde101b295e400c1417a32f0606

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
6KB

MD5
ae5388c01d9eb6ca51f62b1e59d60767

SHA1
1c30483235bfba66e00d24393f0f40106d2054bf

SHA256
d7dc613b855d511e0786c7a6309c4bef829675dc51479444b09d2f2e4257b3ef

SHA512
3cbd4a38059b1d517e241cf63941a0665fe80e006cd6cafa7a73b578da50c103146d812f198f0c422c7a9f80f51f2bf5ad2bf232617531acd11a4c27c5ae7620

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata~RFe597bfc.TMP

Filesize
6KB

MD5
b269f473f0f719bd1ebb97cafb97deb7

SHA1
6f3e773f3f46cc118c3284315cdd77556b7e0aae

SHA256
d1949739c76a3261e1d5dbab575bdcf1f4c2624e3c1551daef550f7654e6a5aa

SHA512
cbd8cec0eede298366d3e087d31a0471ea15a2c9f23735a3e20d17897e04503f75578f1bf01a035abe82c3ab5191692cf60c3fc9d05a36d02566b798b4daf899

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8abada6008e3cbdd84469eebff3e85f0

SHA1
99803e7e1ff4d30ee000750a784c35647ed53282

SHA256
828c4c84a68821ac7d4cc6fb63ce07f5e31d7a1b36531c9801b92816ba4d5196

SHA512
3386c7352eedd671967095814c9bf8113e9ffac39a17a3af17c47af88332764dc954d11da871d31aacc4749b2f91f10f86e28ff9269e49bdd11beeba55a995ef

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1ffcb417e35de0264f6d98fa85255aea

SHA1
0264f8b19f2a0e68d344494ab8c144caf72eb2a6

SHA256
495526482092b7086d49ff651f609f0f75f970a6b5c5a68d928e216ef6919337

SHA512
c14b8e72d78edd6ae8499fd7b4e0b5ca1e42eccbee7e93f854b9f93b3d61e47fa8e96835198de3e96520c04aa3643737d989d77fc6c8695068514cccafb550ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
106b5dfbe9d9126456c613162ca9e2de

SHA1
97b1f5a6eb1b6c198d6fb35922debfa520fcd11d

SHA256
98a7c9c1cbb9fc1ec3502ccd1aed1aefd45376117350ad67d983bec34e8ae33f

SHA512
80928ac08e132fb7b2431463f3a74b6e7cd880bcfacce7c82fe523053c42429bd8017bb51567760e105136aed1434c7accafac3bd7edc18489d85fe1424ec638

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
20323bfc35713d96abf05ed01d424971

SHA1
f8919c465b80288bc1579b87d123a40f78af0326

SHA256
377ef98f127cfb13f410dcca661eb475f87663c0f0f01219bb43c8b897901aac

SHA512
31d9b17a5853a6a0ae9cb436768e49852e41f61e9d67b3cf2fe4efd827824fb53f4d5e9e9e30eee10a73e2252e1ea95147d03a61376998d12ce8ff5dbd277c94

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe59f64d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
689cd77ac1747ffc4bde8c508c2ce97a

SHA1
91fbcda0f7e75c401bc0da99f79853e5b179568b

SHA256
befa0602f06fd464d4fb03c101f0063c4d5d7c3a07d5610bf71da1e797763280

SHA512
90ac4826d01387162aa8d5b60ec78d191e79d87b7ee9471ad94c6b1eca3fe62ad04a04712507f6fe49d730a105cb7b1db1a9a71cb887b6142dc0e9ea3b3b3a08

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff825f6602622a17ba7f7ae12a78861c

SHA1
bc5b81e854b584ead78c1ca6306deb995f17866b

SHA256
dd66cf157ec9bbfc5f85f3d151a5d7255e651ec07e7bba6d53e7e692f74b15df

SHA512
953e56332e5ab63f9b81fa8bc6f28ad34c7834ed5c8c9aa9d12a0cf0ca918bb9535ec2a67719e98da4132d522edd02a316097bfc74ab497c92019dac3789bc23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
0e7674c188818f86d42b8a98fdea410b

SHA1
9de324706382af038d6c7248c9eab2ca148f89a6

SHA256
69c67908c19dffeb7a5f0f8134d1e1016045eebebb1a8fd1a7801480f827e4ea

SHA512
a58ade435814aa480318f93c7085acc452758251d6fcbdfb558358f21d26c3c36a43323f08bfecf12db8870df6eef075f932cfb10dbf77f1a83e0b56bc3e4f53

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
9e961b9d9d9f0af61981b963e225423d

SHA1
932fa1cb3e546344513504f0a3ebe1085252728c

SHA256
d4a2b6e8c183e198412427885a5e23aefaa577c1a03f92f5f49875bbf112f296

SHA512
4a7ffeb5a91154f797c03920fa8cf8f127b3b36888f76eb750bbaf8347f64b8c2ded76015cc58f521e0506ddae2a01116bfefaa195c8855686e848b92cfd6a68

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
f5bffc48322855de492841f625331b81

SHA1
a6820aa520527cd06a7f71f65ccab04dcc469edd

SHA256
c4dcd7ce425cda0d685496c635cb52b4b4960d86ea1f05747598692ae067ddf9

SHA512
b7f74077d51abddb3c6f6f13ca4b2e822f714e5934d06b91fe346216deee331839da8d6f82622600f2974a686c562b8ccdc4ae2650b81c0b09e701abb1f9691f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
e75b841bad96b2f57ccc06af940a433e

SHA1
0db72243f5b780e8efd9fe20ed470bc074d76fb0

SHA256
bb12bb7aa2b0dcb1720e218dc947482d2466b75aeec803cb998365c4ed85fc95

SHA512
7f5d0d84b05a3dd1d32846c5e5107efe2de1982a8ed4e6282d50acf12f91b043d8184f80603b9cb6d07b403fa64b9ede9b4eb7848cd864da10511deaab2a0618

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
2249b0aa7819ee83d9eed41f0c796ca0

SHA1
c9d80f9d3aa1446325b56b73d05cf37a0d5759f9

SHA256
d60bd0a2ff1cb2a062187edc392efb252e2434e8a4211e1673de0954c6a23f3d

SHA512
12bd34bc269f099537412f4d414b42f4ca4d82fee9f4a06a75518328d65573b051a3daf95318b251fe5c7dcdcfff4f9dda3364144511fea9f7365ae39db46b10

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1018B

MD5
11c35b225c9dcd56cdbc2e5cf0564096

SHA1
b208fca449bcf6d9b76929c1c968859ba99c3250

SHA256
a152eb65e673c8e95a26951be832010709985250326e60d102d257cf80f2c205

SHA512
8c7385bd14653e953855019c37f7a88b0ba7065c812e660c9a84170f65564d2006175263dd8b3d15d33b6fd386b85e5749c2d3f917d187d5b7e6d3de790c4a63

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
bb4272469e4efa84bdb5fd9a9c37c5af

SHA1
270fe740e2e4b5dd27ecbf6f5966afe5d2e143da

SHA256
7e410846db9c817f77aaf0ba0f9ca84e26a16f64fd14e3cf8fae1396f383a4b2

SHA512
3d52bc384f0cdbd6c5b9cd4e6806629775aee1a327226f13fd693713ac5ecd61a5f1aa5c63aee2a2a7d355e6a2c86baad82f38feb8d48574f2df05177b04e42c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1022B

MD5
e7a5ccf7e0f332ae59e5af86ecf9b809

SHA1
846d390aad35036f8d7cb0b7775255c8151d246d

SHA256
70688ee6e5762c1e2b829282d57530ae89a3337d0914b48dda427c7f48692b1f

SHA512
ff7d70275f7abc4c0a7952f45b27e3488db1a3c1eaf4c438e621a6acbe9b6cc83ac5cc4a3788f25f0d122cd4601fcd2a0b04c9b47d34d5b0d96d0fe1861d17a8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da144773643b77868a2b30d035cae96d

SHA1
3d3bc6c4206b4c3a8696130518d5bd47a8a19230

SHA256
5504e0d04019d86659ee80b6fdab1d332edce51b9c684816fd56e66f490e895b

SHA512
dd2388b9d2e02fdbf9e51145d63286f298a2e67294f0dc65e8f9008a0403499387113229b785cce744cb084c05a1195920d9811394443fb0487b9817bfa84140

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe59dc9b.TMP

Filesize
523B

MD5
d8ed5ed7127507a87a8a07b68ccb3a26

SHA1
e85a7b658f640b4e924c4c0a3da7ff19fb0b540f

SHA256
1b459f91b0ed4e475c46ed7b84f3fd4548f6e509f97560e5adce6c57184386de

SHA512
874756f5acbf3bde4b3b498baa74f804059ae6dd3ea842238afcb2296d48622e3a2d7f052f13728ef2758f486dd58b4e10b4013cd561eb452bb96951d59e7f19

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
7f971cc6825c464d2f5ddbf58d7d08f6

SHA1
79779953cd7aa61c546e22d83a7d60841c361853

SHA256
7051ea50cb8c8d01a0cae159fd9866d0d6dfbb2772c8a6b5571ad1405420ff01

SHA512
4b6a6abacb9d05f5deb49b2efd5d958f553c36665f453ab382b06cbdbff47af8ff584649e5b7a37acc4ff7c5f22990f693c17fa9cf59ec792cab35b7da703b82

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
17KB

MD5
31b3e9f6f866a5ed9456f8d16e9be39d

SHA1
d5538f544822c695b145655b02def228dc6d1136

SHA256
2a79c55c037c61df95f6b75c6a1b3ee3a6da2c11ee9f3ca97d12fd920d6fd2a7

SHA512
5f4af23da07bd275eff458aa8bc6a83c69fe32cb1f8787ae2b8b3e137fca1d046fe61c8565071d4ff9c6d8d8832a75616cd4224eb9914bf27b3167b67313bb22

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
18KB

MD5
fffd2cb5eabf43f8156a35cfd3bbab81

SHA1
b180c9fa724bc23d35f4207e171e19b985236614

SHA256
a2d4e58b9113750c013f3887b5e62693c3d4da8c958431fc16c186ede2dd3cb6

SHA512
a8e37173caa21e80dff616a41fae1de3153ff919c7b03142c29ff707c4b822e144ae4c560a89f2b5331d3610cc96c6ab8df4004d1b52368199bebe2c76f73082

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe593b4a.TMP

Filesize
2KB

MD5
91e103248e8693f7fb51482fa8b0228e

SHA1
b3f7ccc77a4dcf9f67038ea4bd724964b91adf25

SHA256
75652acf928bb114ea2bd24e28ff005689d05854d1208ca9ced72a94c7e992cd

SHA512
6ee46c0f25d300ecfa73324d8ebf481d0395dacb86770d20ec1d803d07d5d08986eb31ee8f8c17bb39f26d5da8a303752d47c86c0c70289069c63819c18e1427

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences

Filesize
7KB

MD5
c18a947ca2f403aa2af889217a1e3e65

SHA1
9b2d93fddcf31458d3d29e86e4616a0d2f27923a

SHA256
c88569bb56a318ebd73cda7c7afc22c5097fe55106c4343fc030405ff4117ffa

SHA512
61ac839b17be316721da9723b456ef0a61623d4694853b4a29acae14882907d28f1a062e468b17af05fd832494f4c7b61d56ce363c7a0c0fba8d2c6620538736

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\e3b40a4f-f41a-4022-9990-4e16dc51cced.tmp

Filesize
7KB

MD5
b91f88bc9c881796c7113310c7c2f465

SHA1
b10658e30d6e9e3338829b9f648f3a3b9ae4e5e0

SHA256
5db80011679b1237eb0c7addb7e2d5833a0370746e58e193f526b95ab623bdf4

SHA512
b06a211383d90663bfaf3485871d859e7e70ef56d79f31c3ed2cda2c29755ec93633a9d921380fdb00d8e6eaa45a4a0abc3325ce4d5000cf1f9bd8b0fd552b70

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

Filesize
7KB

MD5
d28b6246cba1d78930d98b7b943d4fc0

SHA1
4936ebc7dbe0c2875046cac3a4dcaa35a7434740

SHA256
239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6

SHA512
b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
33b20403b2cd0b1806ed886cafac7446

SHA1
3a98fa8539e1b2b138d9092ebcf4ae06e9198968

SHA256
4af3b822b99f3db0f536a04ac76efc7edc95c7c40f5bca67a8884f266ebecea2

SHA512
a78723affee45de6a710149c9a35bd97c35dc6e832323ac0568dde8d04326c7f6416cf175dd15198008226c29b9801d072ca07453f0203d1de8f1115cac2f3e4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
0612c12fc161380d8e486bf2edc0e3e4

SHA1
f5314293fd37342ed9ad5a777d64132eb26c8d9f

SHA256
47fdeabd2da57eda69a4a6e228c8fca4647b1136a514333b1300208ed1aac63f

SHA512
e1ab4257ece331a22c8793c2b88ef1e015a9d45841c28ea59dcc0ce3657adf48191f5c19b0ac42a46fc9e24f4196fa1720d5f2e225cec0c0b7bc1002842f5c97

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
5efc14b2b7254a17776b16ecc3f90501

SHA1
5aabca8c0010f3cc41deefa3847553b24100a76e

SHA256
ce2abb21f6a921b04fad60e935bdee27e9e0409de2263d76ff08802cf3584bb1

SHA512
a5bfb191765f982fdea07882bbbdeb6debbedd80e8dcc70144c7d64b680e1f6c40a46cee3f6705a7406d4a5b45efa567dfe238209426e1dd2e3a7b4d3cf78fbc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
024d2cdbcc5132d2a876ee5a6eb35b68

SHA1
9e223dcad19d71ec04e027d47dd2c8db327ddb2b

SHA256
db789f9200c52453bf40199ca13f90a896eb9c85af100a4d065af69e6ec12ccd

SHA512
b2f55f696268c9c6055b933acb12a9a59f4251b83712c00234bc9fbdf53921ae5b828b624e79d10169f5784006c9e667aa299a8cbd7acbb48bec968eb44429af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
96cb1b9bc9dd4252a792e31935c53fdf

SHA1
9db5695420d7f3dceaf0633be276bde4af84eb78

SHA256
c91c23cc6930c15a08a8d5dba5717df217656ac953813e00057fc8b4d246daa0

SHA512
cab5c412c9773fe6c50fa7caf8a667be321d806880fbe38436acca82b1c0835f5ef6ca3a6b8017a585105925e0b0639ac595daf25419734a05350e35d0577e9c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
d09838bbf304af2bc1e2b2964324ca2c

SHA1
703f28a8fc863c8f39ca815cbd4d38196f5d21c0

SHA256
9c70d51f6a6fa54c3eb1154779ba35d05f9085fd56a070055e5c60b5338bd9fd

SHA512
f4b085208236344cf4d2de4475e26f7ce4afb26946be0aa784ca9bfee388441d487f3ce51579d50d00285cc59d5f2f81e170d9100cb0485d7543331ddc674fef

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
e1a968974bed9eb23f6be2031480e5d4

SHA1
d9f30ffe41649f01b170e41560ffd867ea6d4e86

SHA256
c8190367350f22aabd7dc39b334648c95df1a7de928a54cf54d7656ffcdf6b98

SHA512
1400da546194f5817cf1ba0fc72236a2859409b1c5ed2c3074bf44121bcdf7edb913fe2ec7649a97ab1cbad81608d3db0d8059b7a604b2f516f4425e8cf76122

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
ef4f1d0e44923d33fea32ef6f813df8e

SHA1
4e8511087db53eae521494c5b8cb96164ca186f7

SHA256
6d9a033f1d2882452f4c9cf890ac471f40d6b1691206a47816555a5dac762a7e

SHA512
0a0495d09329641fe6e63b863e554b87506eb69e74e504c066d01eb75393bed2e09c6de2e26ba8f47b94e539640c12526b6432a3a44c790e27403e72e0216ec9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
7b2f0d8749b6170471d037fc5cf5c5de

SHA1
dd444a07b9ae720961abd3be322eae3b7bc1362a

SHA256
17745c983c54b5e0abea87eadf427f4d274ed78c42ffb2365512e9d2fc2104f4

SHA512
59eb6c8c78b39bdb9f63de2e9e99d605489f6b09c2b77aa40556339133f17017b3eab9ced12db7133c25bcea9ff3186e60525c17b08e204195366342222f685c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
8ee5cc5cb7bc5ec89174fe0df9ede657

SHA1
c77fd515d75e7a94563358c903eddecc5b709717

SHA256
d8c2b9800128ae6da6e8e40acc7ad5d4e798312f908b1ade70f22a8aa8ba3f32

SHA512
c385b22c99379e879e94fa05a26350805200e831fa445dd3424bd71e8306c3542c2d84aebaa004999042cf21169d3943dc81ab0897580f7fcecc47d8ad85eedf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
b96d858131207fcf2020aa493918ad34

SHA1
abbf3d1098c8d63c296060244b355247168b298f

SHA256
9069ded66f381abbb327b38aa068c0efbf9f2bb31e2d3101ca39c3f3ebe0dbd1

SHA512
cb0d9495af5714716cf78010a60f36044cf12d850f9df978181ebffe36824843d6dd79e82688f54979fa41a20bb65f2977715ce7aef76fa4d1a20138250803e8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
99532a94abafeb7d1c18ea83975c3d5c

SHA1
76cfceae664e7e426370548d20c23031916b3109

SHA256
2715764177ae7959e2b8b5d0f91a27c08e0449e66428e08b2c8b6461ffeac95f

SHA512
a2accb039db42c1fe1e2a6749e605cc1c5ff21a3e34d362e0ef861fe8a65d95fe60b90eaf257bf61d06fd2d0a544d3aa7628722e75dccfe2c5fc861b87f79c53

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
c6cdeead3ff4b7cd259eb4d2dd96c084

SHA1
94600553e3c455d1f1e922b8cb8215b6d714a4f2

SHA256
2eb3ac58c8c30599fa74c90b3737d9ee9cdfef400cd7eab4d1d7897a656ee721

SHA512
2ef945c5f36b46c9e3b7d0265c7cb9e187134bab7a24138628ad51d3a461587e009925703fc3fe886cc199c1509590c62ddef96b7d30eb2844c2451855499e58

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
82c3f79cd0421b2fc36b5210ec9d94f7

SHA1
a9092b5423bfb90f175371bdb22a2b60328c15f9

SHA256
90c213b102c94252124ddc30f1be3a10f2e85aaffb140e688a119bf759faefe6

SHA512
e398c4d94c88a2ea1bab329bf1c526326678eaba278c40169734fff43ab191b04762f62187c9d2300d1df753a772000855bfd6509cfdb45aa982e76d008fa928

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
da5e038fe7ee0c3ab1d21a6c128bab2e

SHA1
e513d669390e0a8ec5a727b4831cf0234de32661

SHA256
499f7473b75a8b2e491ca79f97773085ae4ed7b59f6d25213d26b571c768a095

SHA512
fe8f62c0d06676bf409dc7d2b3644eb9cf5b69662d357a806b9df8da22e79a62723ffc25b191d8c3c79c8ea4549df509bffd9fe6f8a8c7c50f49d1e8fe884ea7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
5957ad5ebad85a626486217f79f4c1e5

SHA1
f450962206bddf64f68ad0a7c930c6da5fea3751

SHA256
7ad491c8f50b1382c16a1164af32f5373e90da9419919161694de0ff6c19bb49

SHA512
78591d00c7e7c86b1b3e8255d584b8a8361ce069f52a08a3fd511eb8d4b973dde451f34929427d732dcbb78f81fc6c9aa622793a977d03b763cd1439b2f9701d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
aeb58c6c121d08f69c5a6e6f8415fde0

SHA1
22f45fa6b88e9978e7f763f21ea476aa8cfdf01a

SHA256
24dea82ec4282ca3f3a723d8b5a534372bd813c70e4bf0f19b937c47b9154532

SHA512
f07d33dd036921be19410e2fbdd7fe6936652c642b67e705e53c396f1e8c4ad3d36010ca9d8580916f257d177151d5b3128cc8eaa75d475b90290c612895c83e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
e7844dcd19eb4ef630bf18111653acff

SHA1
8023109f3678b9df0376996b4e248b1230dfac8a

SHA256
17df343fc66bae3284c5776e1ce3a70d007225b24ae7d6204984d041706150f3

SHA512
31d89a6dea49ff612f3430d96602bfefe8517c9eb8909e1b95d0dd776a384e62619b0a2dab39a5b76c33a06068c66670249c15479d85af27d3f3304bc26bb958

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe5913ec.TMP

Filesize
6KB

MD5
4aba4a16c576fc2d50d3ae4ea90be1ac

SHA1
b81318be041fb85b59b1d719c7e0741506d2e4f2

SHA256
a4d7ea06da2a0cd9b53170ab6a5384ed5c99fc2c16d83af21d1273c17a1eef10

SHA512
3b8213139af4ca6b2213d107e6f78fe5a942d6cf44c8e3f70f63cb8077bb788e4e82b67d32251953717342d4c09ed2f09ca4f5e9d9b8db0356c084c1d06ac8ad

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\crs.pb

Filesize
141KB

MD5
57086b02f74c3fe7b79a5e2e3d852322

SHA1
6420387225ddcd5210175de4f3fdb0ab2be8ee9c

SHA256
a1b5be8d4aab349aff58ed34e1f3bc6647cf440830da0a12a8bd5a1c976c6407

SHA512
b195eb9a9129863e75be603b00b85ecfe46360910529fb38513af6940f9d17efd56f234b47963452329cd85b16bebb5a85ab5d304743e57d33bafd5b59900468

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\ct_config.pb

Filesize
50KB

MD5
46b4d311088a1b5476ef5378009fb040

SHA1
5f4e068b959d6b52a46f4ce9bbca3149fd3178bd

SHA256
33f556efb669f0078999e06d42d3d29393a3909e6775f3fc2eb59e28588b6c14

SHA512
3f85d8f6eaea9c8d39df16a527b9d78faa67549af4c1e4ae59fa7bb6bc0acabfb35ad808cfe94fda07e60ffcff26e0c0b508f39e1aa6ecbf63dd9da845128400

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2025.1.6.1\metadata.pb

Filesize
33KB

MD5
0f83ea8aad2d94a32037e90f2812611d

SHA1
66a2879b881176df793c94f6833441fe153e5135

SHA256
628b2de57b5dde868a30e9c45ffc6ff35a820c93a90d3f4ff61a1ff5396eaf54

SHA512
e676aa774c099e43c00ecd42d2f10ae194910d9b694629abdba763aefc1d2c541cb1133ad3bf74df08fc6f8fb32b3f3047c07375977ee8d0f8bad9eddb7bc388

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.284\list.txt

Filesize
149KB

MD5
bee4aaef0893e1aff8ce7df8c7363a8f

SHA1
5cb486883b3d6e24d7c4178e8948650dddd98d87

SHA256
c49cdbb96c613b6ab72bc28188e356075af68cd1625833e308188617eec0ff6f

SHA512
a693df4f0d7513008cdbca7bca9e6ddb7f9fd3064789cd176909bbf14f7550780744eb76d6915cd4dceba3398690ecf4ec16955b47e4aac1c15d1efaffa652bc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\Greaselion.json

Filesize
3KB

MD5
7a611abbb6a9a924867db6020cb190d0

SHA1
e2f19e2ef273b9f5ae247873ce3306e774961d3d

SHA256
b080bd46957a74b2d321e701237222980c202f4139bc4c33056e8b8824f64402

SHA512
6646e87023a890e63c7c7aa6b006b41dddfc7b9005a9d70fc114e45614e8bb652fcf4450f7bdf6326d31611d4d4c12f40cdd690313d56d6b214682d98a5ac898

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\clean-urls-permissions.json

Filesize
268B

MD5
00acb0f14b6b6c11ce80107110ead798

SHA1
2a40b0217ddea6d507234f236d3889b46ee35baa

SHA256
2e666bd0d92b08bddac4487b184c5612dc408f21fe4f3fab78a7ce1b2fa3f8ca

SHA512
c3a53397be2fcf41702524cb42c8d2b49d4cbde4c5479c6d0d6e92152cd213dd7436d7729906d76ed003d64e806cdf66dda7f3ca8dd4b9f9efabe25ffb76c2cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\clean-urls.json

Filesize
18KB

MD5
3e6714a16e04d03f205a85f2563eb1aa

SHA1
a76641cf3a4745ae2e4426fb10b73a6af4f1f272

SHA256
3c09ee2c055819d0ce5368cfcb19cd5384e2916d7a5c2332f59ed60b3545b0c0

SHA512
05062fd40cf019b7367c2cf65d2fd219fd4e602111e9bd20b76545dc890f20fc4d1ed798d630bc0821d52ef4c35bd83e63bb84971d10f162d4c6c12eda8526b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\debounce.json

Filesize
11KB

MD5
e0df2d0dc75d2deac9eebbe0ba8db9ab

SHA1
d0636e518045a34eb081096f86609744fa47ddab

SHA256
5f05b84687de1011614eb1ededfe23d6f98fb2be47ea1a04bae0c95d9a3113c2

SHA512
c086e251cac5c121b8841f0dbfd2a45af99991a8b4bf584727c6bbe7e1e52d2361d2ffeb099be5da937b17d3ea36882d7516ebb294b5f2ccd9959424c2a5a0e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\webcompat-exceptions.json

Filesize
6KB

MD5
54b1343eed0640cc4b415bd1ef50dba1

SHA1
df0a9d4bc264e7c9325a9d082ddb3ff8dea528ba

SHA256
9344abffe1529919decfc08c1f171600319625ef7ec9a6d63dfac4927d6246b4

SHA512
c7689d95879d890425e95322613167cb6be9c04f207e847fa3f6da4c752413325968a667fd3044d8cf08a74537a1affaffd02dfa33397079bdc603768f757e92

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

Filesize
6KB

MD5
a7e80c8cc5121a2febc654140e53ac32

SHA1
c3b1b578dcbf91aa19e65d0ef6974c165723828e

SHA256
a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99

SHA512
d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\b4028c6d-9757-464f-8ebf-c29e1aa723f8.tmp

Filesize
48KB

MD5
2934ad6e255637cae911acc87269fd72

SHA1
e53e481dc79b2e242493a09b201575cda414dcb9

SHA256
28069b5cb3a75f996228fc6c588ff329f7e6a65a5d688950ca7db0333a810617

SHA512
68505c6993b10afffddcc1836d1d84c77c8ac47f6aa146ae06d869b0a1257acf86e133fd6dabd8f96910fb5b05911c8e7acabc75a88f295745b0fe4907da2ad3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.10558\list.txt

Filesize
54KB

MD5
5c94c003873f693b7c1a0917d0077f2a

SHA1
610bc6154d3b90d028c12a97e8457e68522d38b6

SHA256
fa8c38851b4c58767bb453ca308f274c9bce80d89a8a6e2d83339acc4e12e87b

SHA512
0ca20397e99b9dfb0c9efa9f916d6298d52dd2e372b8d7723769409a0ab3ecf2a5b7edf20d4e88459419973cc009711012d1a7496c3158cf30e24ba0f64e7ffe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.11735\list.txt

Filesize
1.4MB

MD5
58c5eed4e9dce8590c751f6e249aee34

SHA1
bf3608cb4a47f6f7a4cbee1d8f01689e4cb2a520

SHA256
62b8e2d377758c19cf87ed291ff4bfa64d476b60357b8d5aa1c5ac88206f8b5c

SHA512
8bb0608b0034d6b39fc4a1a0deead00b2f3c9a784c6280bbdddbb8fea82258a9c83bd262343000ca9f8819bb7b568384421fa78e2a81e1f7ff298464af6aacb1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_2d2a41f3bfac820d7c0c26151bf68ffdbab228b8dced84ce09232188160f4a36

Filesize
50KB

MD5
f43d8806e05c73a820166e3ef46751c3

SHA1
c08eaa8fd072d629b25e2abce42739ff21fd61f9

SHA256
2d2a41f3bfac820d7c0c26151bf68ffdbab228b8dced84ce09232188160f4a36

SHA512
86be9ed995c13e9419f32d71e654a9f1b76e73334e655b83fb9a0c68abe2994cf7a8f5ccdc1468d24d24d9aae956988f860af2b989f8e76a808be58866c68359

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_a58adefdaf784d8e18be7361cc1fc0754006ab0645db39e030cbd2198fa1635f

Filesize
71KB

MD5
08e05280d696d07c593d854939f5797a

SHA1
044db06c4654fe2e82fa2bc1ed4da36ee95fe323

SHA256
a58adefdaf784d8e18be7361cc1fc0754006ab0645db39e030cbd2198fa1635f

SHA512
1e18235702880626275e41ffe5bcd81ed0b44e790980da3356cc924eccd9f9437bd1268e9a6b2f94ceb648ba740001c7b91b77e8d24ed9ebddc095806d7397d2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_7d4e4ce25c5da011a952710792a78a120a939b71d5e869480422e64034f9bfae

Filesize
18KB

MD5
a610a23550de25c11db8e6534510e0cc

SHA1
0177dad61ced19cc2319199cd651c7a47ba5cb8e

SHA256
7d4e4ce25c5da011a952710792a78a120a939b71d5e869480422e64034f9bfae

SHA512
2a8469ec8e52c4725cce748aee86c39fe95e7e1327e15c1926f248a848f0fece1fa2c4509e3d9bd50e7eeeaa300dd1df94022387e5acbb9bf8f7a15682bfca7f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_65e1e03c586bb7830ba6faf0b86c816ab15e377356dc1636aad97e4ff16eea28

Filesize
413KB

MD5
66e5e3a20f753e4af0c76abd212861eb

SHA1
0288ecd5dfa968d019e0bf639a1304be367f41f7

SHA256
65e1e03c586bb7830ba6faf0b86c816ab15e377356dc1636aad97e4ff16eea28

SHA512
dfea4987cd86211a8662e56bc72785c67534126a526202d1a043faabf5293520f2c47fbca700fe6698609925ad30d184e433cd500d20ce0e2a35429ac9c75d23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

Filesize
150KB

MD5
e1900863188285f81af2e44329c5dfc3

SHA1
fc1234b818d73e3925c9e308644c39b7b0a1eae9

SHA256
9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

SHA512
be5c29c05ba5a79118e5b4d3223c27b50a00e89b429865267cc468a447fce91ec6e27fb5efef108e362a9d5722ef915cbf453199253b8b08560247be2566ebe0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_2a6b00780c6691260311f33977e42296fcb0295a3b95970b0e3d755bfbb0cfad

Filesize
1.3MB

MD5
28efec39d680df632bede822a99ca4a2

SHA1
35a758bcfda42302f03928dffbea72c5fdc7d61e

SHA256
2a6b00780c6691260311f33977e42296fcb0295a3b95970b0e3d755bfbb0cfad

SHA512
c08b858c78244bbfa3856e979a3b20d6034a6890727dee22bff8616917a0d43fd17c6a0e2bf3a6f2c25e968d75321fc52afb316f7d5c331dd9c27dab7facbbff

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

Filesize
10KB

MD5
81c39099b5a4e221569eeec0a746af7b

SHA1
0601105a54e905370e965cbf8cf78bd6d8e300c2

SHA256
3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

SHA512
42011c20c52733df0116c4661efdce06d8ec70dd38cfae2cad45e4b4eb7cb24ab4061e968e4d5766e4203b8c4caaf2b6727e55bdf78402157a19eca0f2e89140

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

Filesize
76KB

MD5
34f31f85a6b2a69a074939e4e231a047

SHA1
97f6d1a966baa94e686aef7fece23bbf099fb8c6

SHA256
9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

SHA512
20f4d9efe5450e1f02608d382c97bd4269298c87763a4abcf63a5fe0ba62dd0c391824964084cc011ed6cd7db99c19c9b6411b04d42539081f3737dc78a2f2ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.63e9c17ef27d00a5bd908e796ee65d98279a8334e198a8ce35904f3a7356df10

Filesize
594KB

MD5
a2d65b2607784d1c28f9f9d9b3bf404e

SHA1
dc29c990faa57ffd0c4dbd518b72c7bd599fdb76

SHA256
63e9c17ef27d00a5bd908e796ee65d98279a8334e198a8ce35904f3a7356df10

SHA512
ee0ef8654c840a8c5e6058c17e3761e574ecc4f36e31f7a79445189eca7d666306cf316c364a919e3612827145f4c6dad358036c7a3475da67a0d40a7bb7edf0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

Filesize
17KB

MD5
a1b36d762732f9439efa78708a40dafb

SHA1
6533b78ae795077fa711c67347eabdc88b5a6c6b

SHA256
44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

SHA512
8dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_4e501ff77648ca423a85ebecc6ba396cbd0d8ee5657f787b7c582032f787498e

Filesize
1.6MB

MD5
6db53990fe84c0e676834604b801d3d8

SHA1
be1d33892e7c0331f1b6e19b23fc7f1d7edd48f1

SHA256
4e501ff77648ca423a85ebecc6ba396cbd0d8ee5657f787b7c582032f787498e

SHA512
c65fc63aa723016f57dfe022025c6d4e59fb3a6f00a3e67cb433c1c8a4613f726a3482b5aec052b96558d0073a44d9611faa932500a9c145c97f003ff1a46507

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.4a54c9608d3cd43d98b0a7efb59dbf0dbb96a894b590c8c12aa887d919a3fa62

Filesize
9KB

MD5
0cb054719539c9976740cbf6347deda4

SHA1
f67b7c673822110edbaf783c4ba6002914f233cb

SHA256
4a54c9608d3cd43d98b0a7efb59dbf0dbb96a894b590c8c12aa887d919a3fa62

SHA512
7da4b2d87af6f0601479417cc6bd5390dcab2aefe03ae9414bd7f9b8b033baf8b7952eef7d1f9f465d7472cc14b40bca37c583e00fd6508d5388c19db1c26c7f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

Filesize
77KB

MD5
1068b68cfdad67e39e13fb7b97adbdb6

SHA1
d3dac92d9c28b948ec33699ff69ae75a900de6cb

SHA256
e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

SHA512
da6c4d63d8d22e231d5101d93429a3ecc33c89d62b5fc969c7276816d79f8cbe45a16652507581480edb83b61f0e1c57f41e4432f6fdd67c878f38e0d4eef64d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.87177d7f53dd18296ceccb0b93086a0e10d812739babd6da6927132c7638c3fb

Filesize
5.1MB

MD5
ce91ffdd78f9f327b3abbef87a4add32

SHA1
6f00974c463e9769bed173fd94f6f524f07aee99

SHA256
87177d7f53dd18296ceccb0b93086a0e10d812739babd6da6927132c7638c3fb

SHA512
e3fefe0c97e71f8d463c1493bd7e0688f43f783d6257a690aba4c691b3a35f10f3edeedf2694c8ae4930162dfc43d7dacee33cd04bb78dc4e235ce5f80f941bf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1844\photo.json

Filesize
4KB

MD5
846795288c05ed6509da677f544cb98d

SHA1
cc9d35920935d94261f29ca46768a7091973af65

SHA256
e05771b436f10c8f316480b522a4e0d19825a7b99288e7e0351433a2e40bdd7c

SHA512
36850ee76f6fddbc4c56d311f8b0f99b15344f2d9bee4f4fc981219aded3d8e8354340f9c1bb4cad15ae784a2bd3b58c07118e28dd54ef29e8868a25f0490a54

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.69\list_catalog.json

Filesize
76KB

MD5
d1d6a9d9cc2ada3f3bad8b0da607f4eb

SHA1
1d286de6436a8a28584744f022af73077ed64601

SHA256
f1a889c0f11e2642c299774f601b72b5cc51e86bb1fa7514cfa9f4fa1a9538ad

SHA512
4c43a10995b91d2791a8274813f005feab48d83078fb8b51f026266ff524ffbc53c41d507d801101a9a7f765453ab4b08398f4e743b6beb08036b72e40b82934

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\manifest.json

Filesize
552B

MD5
caaeb1d76bebae56fdc7cb19b9e8c857

SHA1
3c5f1f273ca4c3dc49a46ab83f9f5cb8a184cf65

SHA256
fcd74a3383a0cb1dc9cbc54b9afc4c441cc81e2ed545fc0fe97473fde8993cbc

SHA512
4869fb8935ce305ea63e51ffd7c3045769ff32aa6be326a14a80cbae72b04a1aa613615c77cb865a25c45d33cd3066a669fee88b8ef260f6165d611ab244b687

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.9973\list.txt

Filesize
5.6MB

MD5
5e3bb637c4401ef780fa458eed87ab4b

SHA1
8bb35c639e350ba69afc3481de89c75c33fc4bb2

SHA256
c55d8407b07eaa75da953e142392dba507fd9bdf31524a3b2bcc2d1c04f3656d

SHA512
9cc29766d1914b71f56f9776bc0f23b1014529cc6f94342a8530a83bb5875cd5d9fed1e7bfdd474b7c423d6733e5918e5cfdf9c4f981720da4065f34d5cab9ec

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json

Filesize
1.2MB

MD5
f7e232619fcd50a55c3df6ffbab0245f

SHA1
f26eff68192fa88acc08ed97979c258f8f534a33

SHA256
f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7

SHA512
bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3940148bb31c739fe5a813002002bb78

SHA1
8c934f084062d305772a6643a8610c3a4587f95b

SHA256
b23186f7aebb73adbbc3edab05170def7edd8081ef6cbf4c802db559f5a8d538

SHA512
feb308a2c3f1263afeb806eb34e0dd986f735ed08bea4e2692ab73c3c8b52907d2947d6cefe259888dae95e86d3c7ae0dc3b38777b94cf73e326ec5b5df1a6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6622227db104272989341e77743433a7

SHA1
d7b3ca55f8d3a8ff6384d591848cec9674495c50

SHA256
650005e1fceb85bcbd8fa53e1048c1a7b061f4d6ea94c6eb154f12af67653e8e

SHA512
103959283d8d9fcb8fce07214ccf9f72afb82d82cf6ce01414d78b6b292f46c9c78c3366ed1528aab20f17abf6b7c3334477b590c77f802713b64cab33468cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
9ff750ab00b8ddb1e9d979fb7bc4d4cb

SHA1
8829d68464f7ab44790f16c501e1014f00cf8032

SHA256
b7a9981921238995b958a7c61b9378ca76d42a426c1ba361f2be058569bdd056

SHA512
73942e290d486a66ed8fe743f3f6175f0e8497343e7041ecb141a96f7dfe707612392cb0765f22bc4b331b1d15b8983aad7d6b780802c697ae1efb75b62fc26a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b57de98b59a12ef491fb0e16d34be581

SHA1
cee8bc1524d1db121bb88bacdbcc589a9c2d279b

SHA256
7ea4e267344beffc73b29c74dc15f61d7c0d1cf461d7f75be6bd0d6b4a3eabe9

SHA512
621e69b7f9b7daea9ef358c87c3cc12b32e92212fd38976ed945cfb39e2a7d7733700bce84b34d23b3bf868f458b100873de762c314be62a47002b54baa99e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
445e9788a62c09217a74ab613a869dd7

SHA1
c5c21df36294e162126d08f7ace2dc59f6f4237c

SHA256
aaffd98b4698a033924f34571672a135bfb4be6660d11e43f03e5d52b0263aaf

SHA512
6754ab978f9ad4f17aa9a915d41384543ed48725b7ba794bc41dd174fb6150010e74656d19fa96f41eacab7473cc7a5c36ff54346c88ec9e4695d8b88e3d40fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
73f8e28c8a5961adfc9d2079bb5459ed

SHA1
0295b48de01feeac00d5e5bd05e87565cd583a95

SHA256
efa33bdb660763c97b8a595a9a6ca12d4f698c62dd77c1706b15872998ad3b80

SHA512
6e6cfaa90b7510be2d8cb0b1264de503827a14afc8f19793062f81c7f6f8ffb94820535a48607d6c842bf3f287e2c5792fd909186654b730403527ebb42b5e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
878a2ff32276c6217fe7f47143aaaf72

SHA1
7bd614262ee1bef862070321a2b9f926ce94718b

SHA256
d0f6ef31d70922f886c14d13a7857393b00e04702dc2646faa09882a43e9927c

SHA512
9e8c2882f2d2e46109cf90837de1bcc336424951caf5f393ebb73767fb57a06486283384a9c340d0a311ac31f4239aee009db920e14bc6bf1215592da5e28f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3d693fa3908d8c617a78797aad9ff163

SHA1
0247346de931bb4826634e672a26babdb84aa4fd

SHA256
d488c7044a6eb50aee63a1edf6cac99541cde91a8da8a7bf1d2e832a3fb3275d

SHA512
09fd01408d47ec04826e018fb8cc57041d322e8a7a64fde6c524d4e9cc2dba28f9295ed5661ba78d2f52a63c236e4b82fea0b7afd4c112480a760a1427c02494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c8917ec3b39a417e60f19e30c4f0cb60

SHA1
dace59ee9e15c14ecc9a7947f6a0e6f990bd0e18

SHA256
a9022cd237735152d3a918bee585af52b77ef6cd07431f1379ece79f8b84831d

SHA512
31e96549c672f5e6eef0203447fa7da986e4c8c256373127c35650056e4225f3ffd4c948a8a932382cdba98860269e2fabc5e2c54c40524778f2d70091a2ab42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96fb9252b79c367411a74ec4b508e3f7

SHA1
7951d60846f4e5c3471aec04650af1ced40d2144

SHA256
74d89354b57dc24bea921c40feefe519938960066c7320b7e32867bf31a5846c

SHA512
f891daba4c4f235c5af00bc0707232d8a3add34be3615ed1061c965cebd0e1e7ccc1d5768dd6b062adcae01dbb4738bbf17514b82be7e7ab1c3c2da2e124f740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3286f4a44e0d4241026d873f0a3b5910

SHA1
0f6ba9b2fccd13cc045455c8e07c34d31eabed20

SHA256
9277073d4b589af571be21bd034f0fddb9f3824e8b223d627e1f72da40f54c3d

SHA512
9989384a58d781a276d12d8e1a1e12a4b4f37e95c746fce5902ea05b1b0c28795a05dc7bc2217271d8d219a3e71a680e045858be5296cbba120b15c7506305da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
cd32c6ae3ce1cde6cc788944ecf7ae78

SHA1
fe1798d6d60f20e3a73f86aa83fbbf9d067c7dfe

SHA256
58803aba51ea7c4e6409ec2a0cec67fda88476ca4ea5bd08f5410db749584e97

SHA512
5d7c2639b7a5287cbdfafac9f1182e4f4d4e387beaa99bb25c6aa7a7e6e78ea6e534367ecc322aad3bec5c92a842cdb034084df6a640fd7e89e98b02358e2175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
7cb959709cd8cb9f28fce21f381f4c40

SHA1
9ce5860731fbc4ce20639192ceebcd8843c88e93

SHA256
4a60099d18edab5cf88e6dc87ad854ef74b3524c64c22f2ab560a02933a17249

SHA512
6047d2ef790060311010d9e91f5d11117a07c701ede7aadb78785fd2608eaa314bd7fbe441e87aef2cf051c40171bf3b85d435069d22df75c6261f765c29499c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0bf2e52475b07dcc4e893df1f5c6bc3a

SHA1
6bce7caf99457b3b6f923e45388f43e57c19ab24

SHA256
6431552792594508d259d7a99fa5ab5e9c9a03e5074fc6e19e0fdbe46333a466

SHA512
ef82865152641a800124540411bb1731ebcb0edd40abee566b6521cb44137eb20d96a8693bbc99387f3fcfc15494ac91606ba508391056860bd096b4946d7f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0b302e39cd88121c0a6963a880dd5ec0

SHA1
6bca306ed9be391e798cc5ddbcc74d911dc38c63

SHA256
032e9a3b7be5fe33fc6dd81beb17697861eb174308ac25acc9e6da51978cdf5d

SHA512
cf9f3c56ebe0aab13d9f129fc1d0731223457c4520cdcd7b43ca52897c773d7ff4c1307ecaa5f3ddea468624fbfc344654b05fccecd1fde1c5e3192dfd3ddd96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8b031c620ad4571853dd4dc9ad27f596

SHA1
b7849ed28af52ebf161528768ceb1a621e571891

SHA256
75964ebb82a5294ef07bc60a3fe1d75a78fb010dfd54b9842841eadf05ff33fa

SHA512
e9cd25eb53d557b3dc9c8f8d4d1ffe419062e27f69917164cdd18b0b08d3d712c44b2dafdd2fe245093be948ea792a8eb7b941a38cfba38160cc1200c3e39c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
44771817668d10c896898ba89317cbdf

SHA1
44d9ca06ad53ef8d501c896a052b2291d4c7dfda

SHA256
19734951313077ef8829987bb1a5512e03e3c418372d8dbf8f5d78809e894027

SHA512
30b00f6bc27fc57565175113acc2199bcc4941225df71ee0e26f29a0f60764464d5609e64820587492310b9959db694e9bc045321a59226f932f12b48364df0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2548423be4efa0ba5dbfe86cdcb26b4d

SHA1
4299847415e055d86681032ff8b66a88e97182b2

SHA256
4eee2d337097dd962d63e325bd244915389a3756e364ab4fcbb1122724e0b124

SHA512
5f50b7a784021e8635414db43da78ded180c164b17e286498f52df9724a11145c060ad58b530943d59ad316ff17c023e5b303b6334b3c8598da66f3079c55127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6e74589cb28d742e2dffd3d201027da4

SHA1
ec2868c3a6ceb775ccf2bc4897f3589545f2f929

SHA256
3845b893baeeeb5856f19e653187a2ca01c9b015adc4ee6f9664b8fb05437291

SHA512
b8d4e80848bfd66fa2ab4e85b69cf363094ade43bfed76b8efb57527668942b3136be769b1a0fdcda08ae1fa34b62575283a0abf84a3fb1269db8ead6803f6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ba2235cad5a6b61a7eb1273c3a06630b

SHA1
3a79b943412b898fe7423d1616b8631cdbccaa28

SHA256
77549e3277d0b49a0ee97268a349b4ee5a39f8a987c0f0943aa9a2f3e2e41952

SHA512
12af0a70bc24c1fa30956d29b252ec1721fa256623854325e88cbdd35ce4d8493714fe7045d80c41b4530e5e085cef06a27724f18cee39373f4808b6e69298b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
36a54383ae1b0613e9ea0204332bb257

SHA1
268f00136626f74e3921599aaf1fd0b0adbe4ee2

SHA256
1bb1f3cddb1e30b87cf0cce1e9b59fb4c11fbc58745ce2477644bf84297efe2e

SHA512
1db30df8de07d4d39d6bea02622d758d442df99c77d75d6435fd75ee55f2f4134413ffca49031ab739f82761d3fbc20817e82ad1368376037ae310d0659ea600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a37e2827165cd460d75df66b7301d415

SHA1
e118c687f65eb8aebe0d807960d00a5cdd26908c

SHA256
cf5ecbe468ca1514eaed4a593872d78c9984166a63b984d7a1aebbf089a9f71c

SHA512
b9afe68fdae940bf8c850bc7541e8c9d53af8ce0a848a8b5e105c08af2a50b4034bac2da478db34a8239413655e1a785e41210c352dc19f353dc5d6c2f1b6460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c965747cc5db4f8f6687691fa513d7a

SHA1
d14d766113f49a23a46b049b7b0ac2a0177740dc

SHA256
9348508f2df271593e867556da6e1db6422039fb478a10ba3def94d46c2accb9

SHA512
17347a572e42db0826d0128d9d7115f26653b06cda5cefb28fe6dfc81d8c547f5fc8773a5ccd9016231912b56341caf34159ba2b05bd0cdad68677efc4d53324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1df18e4ab8c55a750751bb97c7958369

SHA1
de2eb5774321c8672eab954216eb8df192bdcfe6

SHA256
393e7075faff63d493e11ef986066ccf0b1420483380c987a9298df21e1853f6

SHA512
443f2ccf1ea651814b9281f156f7e13ded6d84be61bc366b9cf360f75a28a091b99e458a124a88f8af51b33522d258d5a9886d3e602ddbcea08609204c60caa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0bc8f16c0883a3d61ff165086377f291

SHA1
0a11e94725da0ce16242291fdd95dfbd3204a8c2

SHA256
0e0a57b21b096d314fc04d9d0cca1480126fc167a1ef0ff206f4c48b74e18699

SHA512
0199f014f6c46348d6c47848c48710b0375537b036cc47a26e859178bf5d13344fe1b55c6ecb2dc71e3e97dce3c108b2258e3a9c1d88574cb9cc835d9707fbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
85ce671c350f7a135c0710ef2b9fcd90

SHA1
c102fe12715c0961db3802facba6e40a01468cad

SHA256
a0394781dabb13afba46d46659884cd0a576d293d6ea997fc1d685a56cc91604

SHA512
b80a5b2b242ffbd0e4ef81ef40434563177a81cdfaf87bb8c434db2779edde248a923f865ecd351f21ac5e87066dcb726e15ecc493a8cadd7f8861513fb3e966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6f54b441ef320156332e78a860b31e39

SHA1
c70af505f3536da92c3e68228aa5666308c3b379

SHA256
785d6b1669d4fddc34ac2c555c40e62e776d997367a93c54eabe10eb0ce3826b

SHA512
f9192d6726c63a284655ad2357a8366ee564fa527895fb75c74a2e5f22b7f2895d91d2f800ea0626b7ba6b74f77bf6d193ef1ede8a16337278e0b3bb004d1d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2d05cafbdb8cb82608c18a05483b5958

SHA1
f33a5a3de7481e9046db6e40f4f20ab3441b0cb0

SHA256
adf1adaf2834905e968e1dde221811a2e6339849baa98099043068d8b1f9f626

SHA512
e0dc2ef5b558525b15abca829f75df728a868cf1ac9b089bd1de20cea3212c4ae8d7f1154f917356fd4ddfb64db6381963e89a9b43e5548ea6bfeecff0b0edf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c6ac37c6fd2156d9a30d8790ca6f77ff

SHA1
91d94a580e10be6c8b0eab69f390363ac0187734

SHA256
2a075a21120f01308d8abbae516c0e8337e0ab475ba1754f09160673ad2ff8b7

SHA512
f6c7533011ee475df078178b4ddb3625fe18dd7325cff5822708eddf2c46417ae106d8508137ba330a35cfedb9ad90cd9798f294d1613e317779d84819872633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
03b850bd2b9fa8354494724bd1b964f0

SHA1
6261de7d69bd8bf1fa61b262a1ac535eb4e30430

SHA256
d56fea535977819b14e02e9a852afe1b7e37aa65c4b7bdccd83777f46a5ea0e0

SHA512
96cfad07ab07f03e48f698827b85f76313b9d331cbc40f6e5b945e3141b1b3bf92cf611218dd9be0f0c7ce4fd8c80dd54fcde0778b9af5f125373d6378f1d1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aa68c0821cb5d5849601f53477e87d62

SHA1
d7696d13b3c12ccbc9fe071f7825555f464144e8

SHA256
9bb98148c537ac0e597540effce4f6ba20070ea677bc8e25b558be57f2dc569b

SHA512
047c10c1cf2e5f04e41b0df79ccb364c6d6ccbf2c506e2f5fbb68c005d393c9f0044e5102b10bee28745d361b5556a94571215a3f434c10410fdff3dee223e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a98a7232200e9f099462978af55afbeb

SHA1
856e31563699898c3ce78cd38a4afc94f0e75a78

SHA256
d003eda7041b0a782468aa7292d3adf565dfecbe5b92dc5a6959d685f854d731

SHA512
ef0a9e05d42f6d1f6d252023f7322017e8ac14bd9e5c1e5355bd282a94fef95b0c67000b139b5d47f296eb2929a9b4fab18f0077c88b8106b6b33a22dfd29c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3277ffbda174b7cc3d5d1c37b155c7f7

SHA1
b0b4ca1b0a97ea5341793e6707b01caed049222a

SHA256
0d1f8413a4257e19f5de33ca99bf241b468d855b8feff5dbecefa5d7beb43176

SHA512
e56ac2d31439463788e2444af733fdcae64ee7d493de4375c2824874e16f2af61ba211373842f6b40601b20181320d48d18908763953bfadd9398ecff3e456c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b042a2e9d856a6ab34a7f42d933c728

SHA1
b857446412d4ae8149540f619dc17c4f2b944627

SHA256
fb15a822facec175f5b8d283cc893aedf6a24d7986252de4b4a4f0208e412a9a

SHA512
b27797b7b14cfa52934b25b1f9ca9374590730ad68fa6f37108bac52e0f233a99745d4c2d881ef43933b8791b01c1a7425389536008f1fe9f3aead6616dc51f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7aefb70a11b6a8a060f2193d66fe6440

SHA1
621bbc1db3448130ff35a2671b4a481b31822930

SHA256
19f7c80a2b232998c90913b0f9c0782da00f3b6372876df03df26ac3bba3cdc7

SHA512
cd4ff8e184e89d7190d69494a8da60fe2ae883d2561a2e6cc0f9a17b8400e25ada9d383532763459e640b3e98477087d27354635592e5a6e9885e02729d8f53f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0d27fbad8026b38eb4bfcc66953a3a7d

SHA1
f79d14d4cef279e2d812cabd3b600b8b595ad347

SHA256
7df862cb9374cb3c8ebbfaccbf9c107f7458c62688c7248a307e5ebf42c7d0e9

SHA512
fe61d991ef5cd6d055eeab5c1c56df54090915aa3e8c48723a5e60894ee7f3d4832676cc444af008bdb840153122e599230ae6fe0a7dc8b50de0f2bb93ed4f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
59c76eda79a2bd75d52b44c94ce5c0dd

SHA1
b81a34649a712f6f7df772e8f7ea62550641268b

SHA256
71ae2d99026efc75632caad3d925c489bfe4e19a2c172af7c959beee0d7a8c59

SHA512
49df906c8f86cc16ef0eac5a6817dc6879d710c810718d147cbc2689a654f5d99b94cf9478e742f0b64d3452835f4a9a34a6c7ea1a8653aad21f7ff200aedf53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
114eaf3ac627492c140977f32204bea6

SHA1
ca29bc4cf068f45e712e97bf7af412cc3fd2a61a

SHA256
91a8d790fca08c6bcdd98230c7bc975d45c19f58f5f32668952dcd054786c75b

SHA512
a21677c949786c4bb79993e936cf47d5582800b3e676550be884cf7971595ccbbf2120d43c42e56550d4b6f257906782eaa192c276514cf5e7bdf03b0a6c0131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a23efcff745bead8b5179f7be20d3314

SHA1
8404b09268a253c6431f42a3797363d6d8a35586

SHA256
a373ef1e48caf07e9490ba5007dce40cab1e0204daf25b4d2c14a2d2709bba48

SHA512
6bf8d0bd15dcf55180e5a977389bd265b26631316ab5ec50043589074a5f0545ccfc50b1936b2a9dfefc0b2f341bbc0b7ce01d5f13d3edb3ac95cc7b40a4ef11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92c2fd435989d992b7a7081ff1862fef

SHA1
c339d1be68ee538cfe1da6c17e60296c40796f47

SHA256
de7e07b0c696d7bd38a2a26c2afbb640207aa3f6a533432ec8cbd6e7f0ccfcd6

SHA512
62379bc1af0b5c5e807cb1172ad37389e1071f1277374de350ae6cdbccb49ccb738fc496b56f190960b5d5651e5b8a33376bde17492d191a2c707ad42cbbc3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c5ba8ab4bf155feb67626956218edc1a

SHA1
33df7ae250a38011426d1637ae143df0199e3b4d

SHA256
4ad93090089f4bd99a46172f5adff9ed7be8da1dff1928be93f5ccdb25dd89d3

SHA512
00b9603dd79ad166c54ea9582db8d3dc0a2f0bf3f002198afad3aed1b9558af4d8ee7a2a021e75f3d5bcd590c98cbfbc96157cdb9523e14295f0eb13a235eb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7213316988911bcff78fb5c78bbd04eb

SHA1
b53dc94f47f9964995107951cbd4924717a6e46d

SHA256
733764974a2d2eaea179bf63d638ae10e5ba03cb382ee910827fcdefd835c407

SHA512
03dc564254c3f500f27e54d335d82019a457c2f53c0e393701da2ac277998207d1d75bebc9b9ec38b5f1e8e863c25cc2bf114a2eb88f597df742b11955ddf2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0759a7c46a3891da1c7b6c76a080b0a2

SHA1
4901048c00a7250ea03a1e75d6b4be9539c6ca16

SHA256
f2b04d85e2ca79bde9aed73913164cf7347911b1e2003eef33257db6e567d27f

SHA512
08db7b2840814fa46393016717dafc661a23fd5ff182fa91aae4c372404f201e5e137a170b4843109b59044677d62888e7452411b39d2b885f8648b688517c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ab7bfc84b51e69ae4c9cad40f3c87489

SHA1
b3c02fd0d6fc6931b8f3ad11f6d79c67d7c36ed5

SHA256
0768821338fa3ab9eadc7cd026e7c2fc4a9ea64a70b4792cf1764eb7ef8538e5

SHA512
75f74b024ea61f00f99a2353f73123a5724003da2d1b61ecb6331d72c553b0f9cf4c60e47a5b8b3f09b7715f40ad0f1215a03e931b5b23611ac56e32f8c11e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7346e5c0a50f7e3b5972b758d79f23ad

SHA1
9bcc452333d39f1638d31102b9de87e3b1888ca9

SHA256
4677c443763ed5375348cad2902c65bfa3258c78d4fb478ceedd5bce64590007

SHA512
f363be4ebd3ec2b70484d122632b590715a5f2e81f6d2651de677275a24f2b74d39da04f7c4f5040e81d3023037f7739a0991b2cbed6aa613441a8a5e9bce726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
df45695b43ffe91c9afa404bbcfd278a

SHA1
1174e6deee002012be87499ea75353674be60353

SHA256
08404a7007e8c614376d8960c6539bf9f9b195ede16669606001bf587e64ed4f

SHA512
bed3bec006ef13adda48b11e5546396158a153d4ca48c84239f3cba0ef015bc62eb922c2d60a2840e5fba9f212495e325dbbaf9ee37a43a3c7c851759e4333c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0cecbb7741c4483947d99acca6f3df3e

SHA1
2ded3267040a8f65291a2a6a07682ad829a15df8

SHA256
000374bc71f4867fff5bd2679e67a75dc0764eca71097abb0fa41d8f9e5f5f36

SHA512
df18f8c36adb8b16332a0b210d785c3f46eeb27983963cbf3634a0482d85eefa58403dccc3ca7e460a249dee55b0e581e777f47b2e5aeecdb5628b0fbf7335ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0a96bce8b8cf66c04cb3d753a07931a2

SHA1
622936572c6a40fc22542353481905b7f4a01b51

SHA256
807b564e4d867fd08a28eb9a6ea97e8895b2bb00ad91839b79d2ef712b830258

SHA512
22e3c806e60b0e0c5ad00cf15b5b1c4c6e83dfd9658b950e7c6126fecbab88dc83ce71d39756b156539ac7c707ad100b5ff018f5b683c4937c5ac64dcd690841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b102a1b4a8e047e6b5069d67a00e9379

SHA1
10f1d82690952884f37c8591e172d8427a1a7847

SHA256
6351c3c77e714f841c4a069ee185518feb341845ffa83b0706f40cd450ba32f7

SHA512
9bc366c98b4ffb58822743de0474dc0064cb609f4f35edb47aa95fad1b2bf54eff575bbc970104b047b3fb5d64103b1003ebe6630beb20c6ba7e67feace4f9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2396123f3634387f7bbfa4813487a6b6

SHA1
1d88c1838476e9af6c0bba758602933366f97b0c

SHA256
fad994a06612efdfc38dd2edd5acc2015535a875212432a0cd3d3181e3330776

SHA512
014f8e652cf29066fef227296766d00832b910ecc6806f53c7760e79e1dfb260232e7cfccc0177c35363eab696499174b9a27af2219f6eec66ec41a4b5a66ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
304c9a9e265a8a2c4b22cad16751f08f

SHA1
3578c25ac0f5fb836debe22484f28f52d8b0c4ad

SHA256
eff6d009a53f4402bfb3a0f4acf599385a42fef42624dd3ae7e017adec93e801

SHA512
7439a5dd14afd3b20c1825c3118548f6296f1287d2dcf01b2b47b71e8e17caf132f4f34fbd136da50eef07d0fb15517949edb4e16228be516963ada9a01e8497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
35c7b51e6a8b3c094803c348b5b63754

SHA1
5780181da0aa0183deb2d4d0d6a436e0fc028527

SHA256
cee2538b407e32ca74e5c871f82c82a92fa52790f445c364cf95d042238e3470

SHA512
e553ee5396dd63168c0e550d58950bd33c3fe5189f2b2ca52b557e1d265e888da60e06f40cb16c8efcec16935171e08e597175b814c57bd6dd652cdc5bdf467c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c694b3dcb230ea86696473ad407fea64

SHA1
01393b149996d2efed105d206ef5b2fac79517b3

SHA256
060bc597ec2923317918025acc170f3e335d955df67fc0b7f9069fd2b89b16b3

SHA512
ff208182b5679305a77e690446de6ba5df6ac177614b98a7e9580fa1b91b56e2f3d650772b4944e2141b990aae77b42314e2e04feb80d3c1265e0ea58ec8e4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d17d567e-9b48-4973-9368-aebf8b84c0fc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
93b066c7b52037dc4dffc1b6313bb976

SHA1
8ee1b2c0fbba8ac5d79f227ddaf19bc54e900016

SHA256
3753170f521cdee5929e2bbddab0ae6435d5b424b8ab9fa4d676069bbb4ef3d9

SHA512
feb1031bc0a4ba8a1235a71f4932c6c2134f0352c8f1423cb31e8c271ca01944b8d07e7980294bbf923737aff12ebf6f335993c657e40a65e963b833eb7c256c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
d236dbe7434e7bdf37f5285d0c83ac44

SHA1
2334a087eba45467c4751a063135be62cb5f6508

SHA256
189a1969d819f4d1e64ed6317863b08370be8a017e9799d008a6731261c341bb

SHA512
e0200cfca6bc2ebc594bac9da89531243bb90184235e2b9332cdf8d4f3e62d5ed4f6a41ad01e46ef35da3c51a962970005cc4abf52070af2bc7d08f0da343631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
91ab5bbbd8e59df35ff853628a4543ef

SHA1
9e64f8b9ea1b147eb85db473051b5df32b353aba

SHA256
22a60ef06aaa3f510bbf4ad58d17ac5ca3913f1572b7b5c3381edea28630d705

SHA512
37dc2c232b867442f223331ce746946f569aa2e071638d9654970a1783d20574b0b3a754ee0e668b8849b417ad46b664a04c80ceeb4e7c31b2c1faa30e28166b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
b5a50c273bb30edec7b97fa67876a784

SHA1
b581e91bfdd3d7a7c81126af39da586d4f8892bd

SHA256
9d2e77a5d40593101d88ecfb275aed08cc2519a1f1a358a2c187b9a08d28716e

SHA512
7d5dd235eb798a36ae87ab39b64f9643507cffe2df00f75233c1b0b50a9b6669106d96d59f83a7558a1324214e54b403a50944cb3c7bf0b51514ebff0f0739d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
0a46ca430d35cb4fafd513e89e3548f4

SHA1
6cdf6e55a655703f6d2d484b4d0d028a764fdc56

SHA256
ee3dd44db3591ccbfb131a525fe0a6b1dbad8c4345127a4dbc2e5b58025bdb89

SHA512
d46f5cd32b297d1c2262a6158f5ba06bc5eff266c73a12fa9f98cf12f449a85a49915df3b7440e5ecd3cbbee86e732aa989c28969e0ac9e96e18b267c8324226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
44dcc5d5d2d070b251fb2973cd8e6dab

SHA1
8e9e911ade563930045d5c005417ca2075532a66

SHA256
03fe73f0e2d3f7547e4c56b33e4b5c4149c0965e5d292a4bba0acfd770b91033

SHA512
e50bb0e72b795234b34646cd1f709669aac3b756614c77c565330d600fedbc3a8e59acb8cd467c8a326d363b7603120fda3958ca11ab33c12f11560b9c584283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
f970be3ab40effa680504f672b40c1fe

SHA1
a716c24cdf5a5278619cadc0cc43bf4f3633702f

SHA256
faf2dcd6047dd58fb8d025dc816eaee52be7538354128a28171f85ef40237462

SHA512
3cc5c1f9427981379b9bedac8d87865708a60a8fe8fec8229eb279185d3177f8066571a60096bbe57056123a04c24e266be80016294c7791e8c364584c8fd682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
f1fb61250aef139480012a742e7ceedb

SHA1
a71bed2a365320c3c07b2d43cf806de40dead6ee

SHA256
2882d490550c99a784828dca6598ea378358f89a7e13d5762ba1b1032708b485

SHA512
a9dbd9676def409d9432b469ada458296d22a61c71489f956ef6d34d570fbc1712f48666a0c188ad139513cc9f70a5d22e7e932d0b26168cf2bed4015786a202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
3aeee73b617ce2fa4f2dffbbd1444bff

SHA1
1049bdfada38d97846125b1a187eb2ec565eeee7

SHA256
9dbdc61cedffd5e85bb7d7b52d4d1c5f964bf3c393db066b9854f5875be29266

SHA512
7a0c0e1a33378d067498a5e99f10099c3428aa037a1bed3d7105d5a4cbd0ec4dac1407507ed65e73866c51a9844fa8c0ab8ec95babb69fddd0e3a3afed70e3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b12b6058392653deca081b4df9dfe6e5

SHA1
468063422c5c1ca6129a8001f92ebc7ee7769825

SHA256
f817b0decbf7ecb670295194dfd3e319848f3416fca728922ee28e587806d845

SHA512
6919e7547c38cef7fd8f972a12ebb11472211da9764a8016bb30368d5d504ed264d91338223bcae8d445c094b5ec9eab1fd4a85aaa8633ca548d9de407832565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
29KB

MD5
59f5f7f62a6e12757397261d32291210

SHA1
26f460e2aa3b95fb04c679e03733b5c58dbbbd5f

SHA256
7395c9eee8d38e01a9879920547e8d07584840da4682ea7b8b201f2b97b9e414

SHA512
f57d43073204087e9ca4e50aef45d75ec4a6f73141bf4994bf23c472bb5efd57411d4f5f730fe54bbb12cdd1210f7f82a33cc9538940bd9e13b460d8c62eec94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
30KB

MD5
41e2df579e72738961c19f52bdb1f923

SHA1
574666e3c43952471c49505f3b5142cd70f5f766

SHA256
f9761b451840099f5780e512509c8b762d60e7cac36186d398c13b3e004922d1

SHA512
d9d3262abdc198d887d12b2a8b0192a378edd292120abef15c445ad34a0f8f2aec8f0c5e03d7286fd5f8389b06a7e664b52574c6dfa46189b13b9e87d3a3f13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
54KB

MD5
fc86b1a32c69bcf5b74e36a9d5f3f021

SHA1
02df6d1f394a546f33c169cb5579bd841693fbbd

SHA256
18121145a68d9364d5137bd2e8ecec1bdf0a9697ea3924b70adfcdbfd6fee8cc

SHA512
73a881a2f03d1fdd781eb9beae4095563cbb8b079ebb8dff9ee50566e6e483f175b4924effb9abed6f30fa09ff338c4f7d92e4135325eb6491f7c9866ed4b23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
24KB

MD5
92faf90a25fc3b80bc981a5bddb04d9f

SHA1
1072d708c6acff783bcf438a45f6d112f6174281

SHA256
1c73ee50cbb37cc16c62ff91437d365ac0733161fe46946589241220d4b0c269

SHA512
9053f65bd8cf04f70651860c8221fbbe981e488fcb81d14f0de2757b21030591ae0f528219eb2f102682a68c335467056a7d33a3d65295d58ad0cc755ca51575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
6fc44fae7c087fd1f7af9560301dae98

SHA1
be76536a487781c58d6b1c4f74e7452381763140

SHA256
a578176392b4d646c769cc1ab56775977fa81d8ad414eabc10fd756daab2c24f

SHA512
294022d2ed8c111c95ea81ba907eb895f011c9915253ca880fbde8e544e8518be6eb7b2cdad99c9b43760120a1214025010c2b0ac54145fe7635cee249cb1525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a94318d0570eac73d75ac4429662aaaa

SHA1
e95c17473c3585ba84faca8498bbf9944b64b150

SHA256
5e3a0306650bc45eaa336528eff7e5a8eecbb3c2117ab3b9ac4e7bb130f3a9db

SHA512
1c21ceac81adcde0ccfce049a0f36a530b8905da78312b5a7113c0882096ac2e1c4e22ab4b0df9d57b3ac2a7a148f871123ddc5a80d66de1c24bce0290260f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f666249959641e3964b5c983ee40524a

SHA1
1aae13244ecab926678e0aa1ecda7bb1f106e15d

SHA256
ed7f1a23ccb32ab25a9cf0f90997c2e3a0c5110364849043c47bac11b6015546

SHA512
98cd007a422285835c765243efdbe965045bb76039fa89ae9fa340d82312bf7fba5eaa6054c195afa4d4e1c532d7ec44f99c47570c0fdfcf3625c811c05ad66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4d751836013850b8393b4d5a62b94c9

SHA1
428889ec3ec6953a5ed742dcb1daec82991687fa

SHA256
c5926d7e871af0a446d293aa2323fc9d09feb1ce9eff68f51ba6e035b5f56b0c

SHA512
612f839fd421b9b14aad3e45ff424c5ea056695161bcc6dd59a497f0e02f56d1c17ee7d5caedfdb858a193136b75efbc5e01539632d767f3e0feeff3c7f7f428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e5a3b506084f853286cf7a35bb64875b

SHA1
3da30bbec9404d4650280aea4e4e0c79b7bfd41b

SHA256
2826c6c21f910f05a1caefbe1faf41d0d06cc09c8c172a0060996a7ff24d2bbc

SHA512
cb39e010df899597c17d0ccd27c0e29743c9228155cfb670f742da9649ff95ce1377c6ff6b7582ad7577bcff44d724f50f4453524c9b6f374b0e5edfb95a2236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5de6b9.TMP

Filesize
48B

MD5
7e2eb1085a9129b93e9eb15d0e0dc1f1

SHA1
3494485a655cddfa3fe46e33c7b7721e05079ab3

SHA256
29279b7ee09f5caaacd972340a5bde60b748a1a4bd8cf0e3425822cdb6ccc3f2

SHA512
7bca1e0caa015e0440262c88378cc55a924d220620fa81b7507459f8d9e2d2f3e50507eb1d7aa7c6403a7c5fd89fd42b8f02df948686b46476ffe02d1c05b220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
74d04c5f26a3688ddeb8cd6fcdf5a28c

SHA1
d885562a05307b54420c6eb1a7e34e68b0059c36

SHA256
e9a8e3bc8364c935e41aef1e994ead4b0e348f47a5536916e9d1f805ad3937ec

SHA512
647d06afbfb2d36096d1e8cfb16887c10c337cda66747c20e94e6bdc5201158ab4bd481025a73f2d08ca9a2f947037e0c2dd9a55022b23a9ebe9c076bcab5fb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5648_590619452\3d287224-dd2c-4b7e-8d36-e5de905f1cb3.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5648_590619452\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
98193e9f58eef1f95231c83af6a21f9d

SHA1
55f6ba846923534d8a1a52fac1437b4c04054534

SHA256
cc2b5315af41d89cd69771d5a285f8a778d6b78a042704b7d6bbfadd3fda0404

SHA512
1f6994b2252a27e733423cab3be02d82efc31f6b24e5602708fe0723c31eedb8dcd426efb1fb0c3714d6bd0f9da678e93fd991f1a01ebd896b4d1ca60e210027

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
9c141c4ee39c8abb3a8dee9b63fdf102

SHA1
3f4d544add14604b244dfd4ac35997e13141a0cd

SHA256
d0b1ebe8e412f4eda77a743f14fd7d8c84bce211032cc3aec73196f7602be8a6

SHA512
67f47825b9f6096473d55e325b94ebb2a03f4fe14052d5a82c36beba30ea9f0621364cfbb14a7f40752a8c0da58e01a2120428f17e0aba0dd2bd4c69ddff5dfd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
6a51bc961dc1987235ccf7c91bf27d2b

SHA1
e4d7c52a6150400c91094bc1a7d796f4d16e8bf6

SHA256
7710a62b182097f1fdd27439ce6e2587bbd978ede932f0f62e6434458333af39

SHA512
1b9132c0c935bf7afd9419ab4109186f31c3139b4642ff514b96aef0f9263d1991a4fbc92be60292a56734267faf1762bf08789a9e99b5e0e2667ddcf3429b39

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
cb9081f171f7cad5b21c15cf9ab767bf

SHA1
3b8b4b691f48a6d3c5717dd97070c526485c0cb1

SHA256
7c4f09688f0fa6e68ff8f640cd235cdc41a5716ecf6a8800cf6bc1fd773532a3

SHA512
689b70df099a92eaf1ed7bc0d75357274c915a7596af9d3c1d4626b3d70cba20bdbe7e3ba62566379f462c31df27b3e938ca6acc1aa5cf07d51548673845d231

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 238542.crdownload

Filesize
2.7MB

MD5
cd4de7a9a97440100f4886c7b463a67d

SHA1
d624a57038639d6578871cee2ff2a383d7282486

SHA256
46ef8b210a36766f6c8847119088dce219baa7036699f687638a8fc77813f86a

SHA512
1bcff79a633a01c04f3af2f87e5895c4842de9c2952b8b04505cb23d40f142dc24c752834b122b886ae2eb8018f50818c273a9239b5e1ddeb4778d7e8f27e31d

Download Submit
C:\Users\Admin\Desktop\kts21.3.10.391abcdefghijklen_25540.exe

Filesize
2.6MB

MD5
2791bf8531220452bb126fe6aba5e662

SHA1
c7d5d2d16f71b6c819317a0f7f4e53defbec7ec2

SHA256
5caf285ae44a747d8fa5b9a9301ea50abd5db7eeb338742cbbbdb5df0e8716d8

SHA512
710a846159fa4562633177c1522000522978b2435b08f9907c3d8dfb1313acc09e723a2dd9055d46b980128d5787aefc6ac8151d0ce835bfc6aa993800ba7bdd

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 251777.crdownload

Filesize
1.2MB

MD5
06f058eee50645758a81e8842353f372

SHA1
15e9010bab33f1733ea41b7c45d2da5d74ed721b

SHA256
854d06a90dab54e7b69882925886fb24be711fdc21884e13c77e29048b21a098

SHA512
920d5b6b902a742551dd0003c3feab430c3648a36850ceecc33f5baee365bf3f938420f80695618e1ef604daf3e215112938a57f3a7f6420c286ec430e89d817

Download Submit
C:\Windows\System32\DriverStore\Temp\{4bcc91a0-69d0-b343-bdb1-8612c6807dbd}\mbtun.cat

Filesize
10KB

MD5
8abff1fbf08d70c1681a9b20384dbbf9

SHA1
c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6

SHA256
9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658

SHA512
37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

Download Submit
C:\Windows\System32\DriverStore\Temp\{4bcc91a0-69d0-b343-bdb1-8612c6807dbd}\mbtun.sys

Filesize
107KB

MD5
83d4fba999eb8b34047c38fabef60243

SHA1
25731b57e9968282610f337bc6d769aa26af4938

SHA256
6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c

SHA512
47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
107KB

MD5
525f0c7bc4e3c8e124248ac3196878a0

SHA1
d00d4bd8e6a341b13358ae560dbbc7cc0c9569b2

SHA256
59f3a59eefc28c5086ee78d57e4ed474992fc795224d2aac7ed28efd618044a3

SHA512
710e73d16d83d6b9c79df0df7edebeba13feb8231e6209dcaba2ec6206d18a2e900121ea0a6121d56df972e51648fc67da2c209fb3018100747ac12817d1488a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_E93D4349D1D2AF4AE2F3CBFF382A5C9D

Filesize
408B

MD5
38234d379b5879176349e67836535207

SHA1
d16ff32421688a29816b14a8bcc04f6d0005bdcc

SHA256
c988e278a7cd1b1e3c057ed5ac0ae2681b7e37463e135ce70c0e2b9457e8ebac

SHA512
e461330ff0d004a0ccdb46aa73b67d4acef22048acfdf21cad97b7088db81621c353a7313ea803dc513159ce0322b14c5c47fac5274e8c6ce9a0bb161b4393c8

Download Submit
C:\Windows\System32\drivers\MbamChameleon.sys

Filesize
226KB

MD5
0863c7e1aa4ae619862d21b9b10473ec

SHA1
efe9afac664bc0054f3d5440b34aae96b5e8fe31

SHA256
61fec3b75bb28bdbeb812f956efc634d200de86ef380d0492ca9f2e4a17222bf

SHA512
dd6bd35a30f6d71908ad882845b4dcd7fdeccfd53aa8e1a7dd1ad73a75ea08702c302b5012080fa4162ce898505d00a37187734504abe66ca20faa0e2e407e44

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
1215366af12337d0c6df30cf1e8d8703

SHA1
c068c7c67c7940a8b54f91878a41d7d563b89b52

SHA256
afc14e01f32986b8fdf70abedf20a4fa4f8617197164eda2486e81960a4c82fd

SHA512
159f94185a34d0f7eda4bcd7a3428a47df7bd380908a3cd2e8f3793740e2be683637279f248c78ba919e2e9eab7f1196ab6e1c3f090e51ff0b84d5e152e613fb

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
57a36d4a82d48dec0b84dbead5af407a

SHA1
09fb2a73be8171a3d0e4fe8202c8b5aa8e0c662e

SHA256
688fc87c2c8659b03a4e356b2e0d60d644b4f91865afde2edd0b431fe3e9ce6d

SHA512
35cce78ec9b0fef3836b543f3737f71403cdf8d4b084f37276dd9eec63dcc958ea2e64197a09dda9bb85c69654b5d9d65992f7509c9ae542786e49867102a0c8

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
e2c7fc3a842c66f204a71680ea65be48

SHA1
9770bd0b297be216651330f5dada585bb9ab7280

SHA256
024e34c8d8ec714e98a82a6df2de2252f2e0028f91b3ccc928f53498179a7ca2

SHA512
5549a1478cd09cd00525d56dd4b162a3d42a1284c9f811037f02c6c0aed6094e6be53f7580b62226cc9eb31b8b5048435e6225ead7de996c4f3480f5852c7089

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdate.exe

Filesize
163KB

MD5
ee743bc7055cd46c5dc436c2e31fbb2f

SHA1
bc2ecc65e2de6095306d752ad8d4005c0abf0a95

SHA256
fb5355f32b99974fcce4eeaf47eb285b7a5eeed743389ef86cd781227885f7de

SHA512
de549940080e22134a462061b05c19b71224f99d88748e161626c15c10b0e6dde73f614d2b73e7c667883669ef073da249066bda7344e8832f2db3f4ca771b53

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
0ab8bc5e7781d4d8adf8e9042a092b01

SHA1
55b8f5c9eb6569684d3dcd5a9eaf307c130a9096

SHA256
413516c1b9256ac6091789ab02ee8374720a8e4d3e4ff02f9dccbed707e1d5e3

SHA512
0e2e3c94f7d2c7c7ee7ee8894b97e7d45fec8869ff31a6202b2316a5122570036455b4a6dfb9419c7d21d3dcc90f92bb5297b4e964469ea656b4aec82bc25226

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
154KB

MD5
d0ac42d1758fd7d7c358ad2afce07b01

SHA1
6714c0c29fc240f6173baaf61876836bad18ca9e

SHA256
35dff5c835b1e56f004fd744c2e9c66495130bf8de1a35bb216fdd21d012d12d

SHA512
e2f27b1c4463de2046b3dbb8dd0cc489ad591bdb0be2b566e1bb909c6409cb333da3905f3239a45560aaebb3ae0760dd12854b6ea1d48ec43fd2d037bcaa67bd

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
bbcf651a95a8ef4de64e68aae60739ca

SHA1
63c219727f867525ce1f3bec122117427ab17e74

SHA256
fc081f3cbae71ad895f77ee661b8eb8d6adb7f7652ef072572f83a21024f3e52

SHA512
e77bda759b5330a4084d1904273af243bf3667058eb71494f29413e0ce05dd2800eca3b6046d577a648c9e4f9c582b0b88e07312b9ef0cbc30b1732f2a371856

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdate.dll

Filesize
1.0MB

MD5
371ca63d32e87dc52fbeb61e32f0b5ad

SHA1
ac6a727a473c6e86a940ffe5b2e159f643f14c8b

SHA256
509d0da97daf68177e9ac67768bdc249069e6c524d016546413df78f96ca5b71

SHA512
3273ba366d91288cfff6dcdac96f320048bb0e9eb6b721b40aa97396e04902d7d9cd3b5374314a7cad06ae1622f6de83189ce0947b6de97771f2651c3cd5f275

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_am.dll

Filesize
42KB

MD5
44f5b5915e90e0ea92230935ffdb387a

SHA1
dc8a855da4ce00d1e7fe6666ec5517f1b9251d46

SHA256
b424c70cde21c207c7a0ce50c528a07916f3a23e729662399005a9c2101a4572

SHA512
802100300f9227aae6e2a68c88bb8ce898f54ffeb5a1291e793fb05e8dd5eefba43cf0d8ce6729e3e2b96b8877703ef96e75ccad4bf7b7104b3c4ad98e9fb520

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
9f4fd820285020cf27e98e887a86b371

SHA1
d02a83746eafea50bfab3f2c376dbc7065901e6a

SHA256
0211e33039e643716dae115bbaa7fe48712ffce05c5cd93e430f0920944dc0a7

SHA512
f2a2e58f59878ef0a0da39f55c49eab2252d1a239a2b528e5f24141c9624ba70c7a0b116b5f7260d7642fb639ea6b02267a86d87d80b7040f01a3f77b2d30df6

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
a1d35e34f46dac72a6d9828fc684342e

SHA1
11e8620b430713d2a060e8b00885406406999ff5

SHA256
ecde99e60a06439b6efe56449b574e4e3c72bd2866435057ea96bd95a37475b2

SHA512
f3e4fca639692c375c6bc5da8add571d0321a96b108ec4b5c8c066fcd66dbc03d13466e1ee2a6999c8a3295d4dbab196e4201676d33baf23c0d7e1910005e086

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
d2f9b8a15531dbc23062d36a32f2785a

SHA1
fb91c68d9169e3395d08a9e0d9206ab9eeb4a9bf

SHA256
745a678f24bc4bb23fee635f7208da54c611c4dbaf3d6ced8ce506e6fcbdfb33

SHA512
71cb4fd02e23f9f5ebc07b78073b33d22ad2d0f63577cb60f38b42af1da451b1738f77edfa2c77696963ffcd09d3eaf07feb69814ac20b43c65bc71b720842b3

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
c6c28c37de5679872165d8081eaae611

SHA1
a6314c35d35abe6da7cc21a0cb3b3ae6cb8cd868

SHA256
b6569295bbb95a2b7ef2a203cb2e6328f57afdb60d2eed7c91b9e0c140492f89

SHA512
d8ebcc4edfbbba20e481e02a1abf8d135c0028abe6afd05b67748175b2683da5a22b31c19251180072e2daebf3b8ad1006d07973432844e97fab7fb141e00bd6

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
5f1801d5a4313f38b0afe77780ff418e

SHA1
9260d0bf49fac341682e26bf333d90a02a9fd383

SHA256
f220083e8127200342cc2a8b441a711f4b08fca1c0bad08f71e65fc755fd5903

SHA512
833bfaa2a1c106492878e36f455dbccb592686168dc9692311423c73b9f09b3ab0df67c4248be529e72fa27bfdb1ebbeb16a3dd5d5ff56fdc29ef0f7c8511101

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_da.dll

Filesize
43KB

MD5
9d31f68f685b47a909056410e13d9b67

SHA1
ab65cf05a95d8bbc3fe4e4dcd4c5e67cd1082e4d

SHA256
81891dbea99c47f2590259ce9b5a3fda7a80b7e9305dda387b2f6447eee7175b

SHA512
aa7ea8c086b59690eb3ac7a2e334aaaf83e0cc1b3adbbac53b2ba04cff67392ac87d175a88ddbf5c7b53f874fda203b5360494bf628b0c563e7953dc11553907

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_de.dll

Filesize
45KB

MD5
c699c7cdf4be1ddd44b093e1f6ccd4ce

SHA1
23976f3f86117d4942e3d4010d8a2944615275c2

SHA256
f8f33f39f47c9bd53ac6497cdb2c7e10b4f5aebf70dbe5c8422162047730c727

SHA512
930a757630dde8659a0d3dbe8c09ddcc2d7c5295809e22e1c071b8a6e83feb9a88c66131c9d889c51636b8daa68c06ebcf32c935626fda2a5ab7630e16309f26

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_el.dll

Filesize
44KB

MD5
638491d6e7411ff991caf3593ba96bca

SHA1
14e6fb5ad4a66800fd56be8d0f2bceaeb765eaa7

SHA256
964614d4e55cc2c61962777e23509aaeafcd3d78939aa148974a4b2fa574487e

SHA512
245de32e72c3701cf58d4260931d4450d4bcb204c72bfc92ffc37a06c00bdb95e9231d86c47da1e2927c8ec4f4ff4fc8a2948a741729a2276f3d3fc7f48250ec

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
1731e2a7c6613805d563ce6dbd7029e2

SHA1
855a96774de85edb2d42ed62f4a930389020d1e2

SHA256
b52ba05b0a6b87b62544b68cba8790c5d823baf93da0fff65696f3def0e02be0

SHA512
9b846e535e86c2e023806235ae78ed4f68a984bf4c3c3d8779232a88dba449ad0484003b2c2563cd89bb9e022c2a3068fab90e4890614bc6f75d4847738028cb

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_en.dll

Filesize
42KB

MD5
1bbccbbbeafa25d677e1accf13fc7e91

SHA1
522cba760d745a78f9d2b1af43431b749ba525dd

SHA256
8dad4dfdddb975321556a1f1b398459dac6d68d6b29ea05e96d280b256cf0109

SHA512
f06b803b293a7a3e4b435a741179ccc64b41818a890a62d75dde459667c58db17b4b3a24529a654a64322777941218885a2b6e7b72e6e334386c1dfc20d0da38

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
6320127c77432434e44a89e93e2a5dd7

SHA1
44ed93983ee3fff1cf36b12d46450106429f6174

SHA256
4a02176ad398ba84f2420249e5a6afacb6bad12fcc810394d476d149bf889619

SHA512
a386719934fd85b6b1d7fa5c85e5214b29d5d6daa8853096ae60c41c2f99b87fa4518406d4d6fe942bb04f650aadcf905501dd0e41eb614ab11038a12026a707

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_es.dll

Filesize
45KB

MD5
8ca90163b756e2703eb5f92e520d4ffc

SHA1
1b6b24a5b2cca36c90669add9c0a0104df8aec86

SHA256
ac60eece8c5458a6110eba9fe47f703828da5999408a5e9c9c689365c6e4eef3

SHA512
0a38c7b95b8cfc8d17de80da77af898c395cc709a207787bda6e29681357d4c160ef11fcf80adb08558866872f34a525fd2b737f7d640d8e936cce48da8f4505

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_et.dll

Filesize
42KB

MD5
1ca6f5c39615ef0f16976a34a47d48aa

SHA1
f3983a754f6c8e857829b613d08d726b5a3de59a

SHA256
49821ddc2d2af2d21fb9cd7747c618f6ce9b8fb69e110dac017b4d41ad0bddf9

SHA512
715acb72219bea384115419f822290f145c89dcd35d2d5a14d14890aeb22640866806da9b01f5e6e0778fa982283481325d5d8ffa91933a976fe889c78222c73

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
92e7886205eb3792cbbd3633a183cb12

SHA1
216564647a07115d839c885770d1c360475279a6

SHA256
2b630895ba3b973a2b1264c715b6744c277ff55031aefd4c26dc9d2360a3357a

SHA512
8d1a294fa164265de6621586efba9ee775c2819d662837cb3675c4335a106db74fb8fb1758ae5bfd9c78dc799590656018a20d4448ebf2077cbe2b266f73a776

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
e45b0c0b274f1aa93d559590998c572e

SHA1
10f6e82ba3c00e5435b447bffdf7bf9ce48ba263

SHA256
dc0a8ce05108eff46fa2a5cd629d23693c826dcff45eb86e31c4ce163fa9a465

SHA512
1edf3cd05eb01a9317434218fca95839cfc5147c8d11c69a0d5c9228340e2c558fd3006b8daa821bcea20d54b2c7ecb088225ae14f8b380a4ccb43482e048136

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
56cc233b80def41a589fbd52fb36626f

SHA1
70bf16bd33e95cfb894075c5d5ad30c3f9d39bf8

SHA256
864ceeb444e065766fb0b7f0ba4938e6f56ea6fda8a62c9530657abb7fc2fa78

SHA512
290fd8a5b39c8675d3d41bad0cab7410445a30adef62591d26a5da03723f86486468e3eee95926f0788fbb7959347f0e4c0db76ce7a78a22cac01817b7c44e11

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
7b2bf17744445d49d1b61fe75d83e14e

SHA1
5402f1f0957f844420483ea3754807c4cb2cde86

SHA256
44d264d2654c059b777bcd7d011024b8104c028556e2dc9cc470a80d5f3a1f9b

SHA512
1b79e79168f9c1af4e736b5996c64f10fc8dc78960ebe9163b34230a11e0c9bdc58a799d963fcf31bcf87fec433e8abe88ba3f0ed01a6ea8e1f132f296bacd5d

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
d3150bd7fa51c9aba84a2fc43c440983

SHA1
905c95de9153b94c4907230f16def4b214fe0385

SHA256
7adfd3b65531abf14f74b5d72ae29d5baefe44d0d2ea2991f6e4c949da088a67

SHA512
02bc2fc52ab74f0cb46e436570a5c099d5295b587a9952d1aa6f5e28c79b1a19d1245e05229ad5af568875d53ad2700dd97ae9a97d95d7869a4180f63da094d0

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
bcb8e81f1363784b2c47ca4c8643219f

SHA1
9244c30660b017edda9d3387edcfeec25875b3e5

SHA256
545c1d69d3f9b1b512812dea31ad890ba95feb4ca3bbbdb98ce72a801919d116

SHA512
463c77b2daaaa30a0a3260eef19068da3f6e0c2d0099d628f72d12b5e49b69ff93d48bf3fb130bddf415b5941f89d2815afc5d917bb4df39f69adebdbe59bf09

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
f6c25c1a214bb598f111cf4fa8b3400f

SHA1
315786decee66575abb87c1cb23af2dd46baa0a1

SHA256
a584889f453cfa9e8f9e03aa91187a00b2b1fc47161835bffa1f88423e293c3d

SHA512
f5c1c8f31c9bacfab4c91ec22429f202649012aad200078ceaf207b001cefa452c5ee75b02ff076b980d4cd25fe675447ab09a61b648a640fe6a5fb58a9d0ca3

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
840e859d33976a45d9aa79b4c5160d33

SHA1
6522f4d21e80b7f83ab920640914dab9ac2dba5a

SHA256
edc63fc935d0de9fafcb06ef7e985009653f3650e3460a6e74272aa518ae3db1

SHA512
8f4c71265d0f01a88960686cceb8489eb2be2683cd6de697d4474553debd4646d9dc23f9bec53a028375f8da9cbba27dccb8b861720865b285e32bcfb0e8828a

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_id.dll

Filesize
42KB

MD5
2bebedf7006e01182b4724cdccdf8209

SHA1
d29e8371a2fd2fb5673ec26bce9a76aec61fcd0b

SHA256
a57a4d3f382f02ef972dcec0b92ff766e8dff63638deba1925e4360a391202ec

SHA512
605cb76437c2cc7868f88e24a09fb61d9ef81e104d1471443806c7cc31500b92d90b8f014d8aecbb85cdbbf2d9d6950e95da1d0f3ff6e6f5b195c54c17df7b1f

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_is.dll

Filesize
42KB

MD5
1501833c6ba1afd0be75f245359aaef3

SHA1
5380a6501658d195008da7fe4934d3f229fce5ff

SHA256
08adde568bc6e0b19da788fa5de81a5817faa7a750c926989e73f1c2be40573d

SHA512
bd0ac891af264c25e264bb7562ce0ed9ed02a6d34488fd684c9cf8a4936482a072d30e1939a5042a4e10b399454804f00d45af24f2c8fbddc01653b0d90236f1

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_it.dll

Filesize
44KB

MD5
a70215145e52353fa80de6604ce5095d

SHA1
26cfcbf62d47c7830f53135f321cf559c9cf403f

SHA256
9f7f4d8a0683c64a3657801cfc399ce390ba1138fd90120f49c601afc9a88cdb

SHA512
27872c2cc2c0fa49146ede7e4061b3ce2322415ff8f9ff5703491c8b64ca0735207a64e520237d8174706e0e915f28862eef71a2f9d804ee02512095f87d4ab1

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
052f862b897a8e59a203ccaacd5ad09b

SHA1
07734dcf9c61c51389836e04e3b0125d7498b632

SHA256
c1bc29fd83d244a5d20674d90e98d995a255c9dccf90881f028bf35eed8b6276

SHA512
949378b1fa5ec568b99456bd475570565ea8adc01dfa387d3f87808a9c2037b82613120117e0f582bc65eb619ce7d0b2e447148236bd0262bcab5e3d475fd202

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
ee568bafe0eaef79ec54688d04816e42

SHA1
75c46969898fe1326a211c99ba03bdf2f42fa4ae

SHA256
adbdb88fac6f4b7af1c845774e870f356aa7018ccccdd10196b10f18b9b0b2e3

SHA512
2cb1568bbff7d338baeee2f5c82a003aad0e17671857afb956cc7026e19f28a1da1a5b3d3b362f0ea70bb9a1365a07445278f658aa9cab290a9e8b97ef7dbf9e

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
d876ced6baff678cbdf14031fbde9631

SHA1
fda2dbeca454660ecec9ba1337b0753f89c75549

SHA256
2613a42698211413ad94a5854e4e3fac172abebfebb4eac12a75a042aefa971a

SHA512
1cd48b49ba164491bff2a8e3a2c5a033d4aae30b2722f601f42db7d58284be4630c8bb45f24b505cc066171a9eab7700707d4ae91a5bada2644eb1a4b36798b5

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
2b67991318d781869538f48452bdb153

SHA1
d008b609e56568078cfbff28b6e549f940c6fe96

SHA256
520345af1b837d49bfeea54de3b7957334c998dcdac77083fd5877a494250168

SHA512
1774a4bc5da769cf2f3593feabb1a5561ecb4606916d6f66b097511595a5a0718f839e55e7ec55052451c5d0f9320a3c64c43adac103c3463b3c0ff9d8cbc191

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
c3b9e9ac6cead1e698c30dbc081b89a6

SHA1
6ac2b98c80decf71f328a65c894365cede7f732c

SHA256
da25075045e7caf14116921758ad7071abd16ca16ad30aeac51424ebe2fc8059

SHA512
e4dc34f339f3a465f46d7f7cb26852e65455016d6fa1319ab4b5d04fc80a67035c87f50bbe4afcffb3b0a4912669b9b0a441325c40d0ce522d2286e794200c41

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
2e67805ec1c2f327cd75145dfb6c0b4b

SHA1
40464bd191080fba9c7287994f0ad171c9b9d0fa

SHA256
3547e9a1cdb6f0337b704754504068cda39e4075803078e37dafaf474962e71d

SHA512
da12838e1151a0673a043b3eb6a8d9ddf80e62da3fa1b872cd5a0d263bbb228330bb5f29b34c37a8e00f5e28b35cfc5cb3143d3132ea10c060d2bf4bd003831b

Download Submit
C:\Windows\SystemTemp\GUM1B16.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
77247706328fc4cc32b7547b1aaa44a0

SHA1
83816340fa190b967a6a2a34110f822a8732e1d4

SHA256
3c78a482ee4f94bf5a3cfe231ccc7d96bca83f96f621f5f6f167113e651f8aff

SHA512
22347f94e900c16bef181c3cbb9518b1b2dfe27923bb108d4cd39a497d36d5c3d515eee13a027c3398130e9defb389b4d8f0cef9d2bb78932a6f04b849c85913

Download Submit
C:\Windows\SystemTemp\Tmp5674.tmp

Filesize
6KB

MD5
5971fb300f4516109687e84fca4a1fea

SHA1
f08bc88a29ff6d9ce6a2b6710af91110cb9501a9

SHA256
374b96a07bca2b45b39e892b3ca71d34586a2e86ee79e2aca302d797c260f852

SHA512
2be36e715413934801425af05118b8599d6d68c1a9b532208381a6570aa70f118d7dea5186b09fa6f4f49c9893c6c8326e2786f330df4c418ab52de06d3b86b2

Download Submit
C:\Windows\SystemTemp\Tmp6598.tmp

Filesize
6KB

MD5
ea398e7de7b92f01cc2dc827ebf5f5a5

SHA1
34b2e707f19b72bbb0f2fd2a438724b28bb723e2

SHA256
838bac471c44667529f70ad9b1ffaa5820f684ac5a0cb76850e9634f48198d1f

SHA512
dfd8c1b3bc1d63b9d6ece2a8e32cb98150714a4d758ee7656123ddf31efb13931dcfcb8002a9f6c1e92b10b1aba8e7cc31414e6ea463e4da7baed412686fada7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1061059425\manifest.json

Filesize
592B

MD5
19ed421fc6add513409f3a6111e99740

SHA1
3f8aa82f5541b053359586140c12633f4285854f

SHA256
13540e170bc0380879138bf7917bfbecec52c172b739aa9c827712e2e133556a

SHA512
ff25316af44eca37f979d03cef5a36f6ce84dea9f0ece68ac7ede1b03d939210f15a4248aa7b9feb3081e1f2dc646bd06940826ea02c6909340bfa0ccac10c06

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_150333211\manifest.json

Filesize
578B

MD5
7b5e33ecdef2dabedb9ec3ae8e910684

SHA1
4d700bdbed3c331652cd311d85ac3b14dae72594

SHA256
b8cf5e022bb49c937dd806ca1681044851dcefb2096764816dc9eb63bb4a639c

SHA512
2aaab33f0d6325bd3e78a6a3e46472b7f537da34831287f63849e9f5e56bca3acae2ab0bd49a998b15c7265c503c23b639ff33f1fd797e88d97120ed663bce1e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1612383827\manifest.json

Filesize
558B

MD5
f2ea88c3713fadc1cb2f57ffc5f763e5

SHA1
203adbd539223c4ea2c2f0a549dd198d46bda233

SHA256
3ecf70ef4593b2d7ff9955f6f62f656b1a3957b743972f1b615c91ad8b4acd62

SHA512
32b8508cdb2b650abf06c6e1507769cca8cbaa99bc654d6ad528872aa1606bb66773142029f78353798c1ea73a4e2ade7c76582340b85206cda0a3de857dc212

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1680836787\manifest.json

Filesize
546B

MD5
1d8d4672ecd09b369d75cf999826c4a6

SHA1
8cf3dddb75dad1f8cac25cba70dfc193a57e6c5d

SHA256
21f5cc31ca1f223d209136fc4527e3f445f2d81a6aa699e55619505ed5adde03

SHA512
d73a0030636046bd33543251c69b1c401fb8701e91f2707b35aec8bf9ac1de112a45c7ad1f3f5a142047bd54698e20a2b2cbaede78c158f9e99c44e1a8455910

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1764174951\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_1957431506\manifest.json

Filesize
564B

MD5
2efa37b5105fbed3014a7be8963dc2ed

SHA1
a03fd940871c3a99836f8f1c3bb2edb5e5a32339

SHA256
9961547296bbc34112d1c852fb61ada201f87230e56848c17af3df54ef8921b2

SHA512
9b0b86e7c110b5d076d67eca5848e1847a8f04de3feb4a4c71e1d00724fad701b0b0cc3f7dba7450ab3392da4ea5e2353ac9f263b81a5a186b694b5a162db69b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_2007416432\manifest.json

Filesize
76B

MD5
c08a4e8fe2334119d49ca6967c23850f

SHA1
13c566b819d8e087246c80919e938ef2828b5dc4

SHA256
5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0

SHA512
506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_320115815\manifest.json

Filesize
584B

MD5
7b369bc20969bdb5f58cf4c7ccb3543a

SHA1
8cda10047959c59033248a7890a9fd34df6a5e38

SHA256
c552457b2218a67b8f30de99d5c28a7f75a24b13d19ae32b6603e3d4fd11afd3

SHA512
535242d9c5b87ccf89adc2c6cfe50c71fe52407de9d33793846ae1ea6f9a8d0f0ab2833fabf8377bd7bd8b3acb2aead22dfb20b914a7fd71015ac0e0bc567d30

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_732274215\manifest.json

Filesize
595B

MD5
c44c54c5d433b7a0ed7b6809ceea22e9

SHA1
5d5981ca369064e9b7550ac02ca111468d822c7d

SHA256
3f996c2f69bfbc071f1c870655aa7efd78556e3b0dc4d530fd21558c699211bc

SHA512
b630cdebde166595ef49718b673b7327546cd5288ad989e7f72a83fb24a52a9eb9fccc007147111fef171e4afd977d8bde2533ff92eb441f3ffa5e6f9b1c716a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2996_779220917\manifest.json

Filesize
533B

MD5
42009b4dd959e3bc13f18be4df9274fd

SHA1
587ae3aa747b57ee96f44ff231efec1cc594dc97

SHA256
c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92

SHA512
6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_1158455058\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_1271647286\manifest.json

Filesize
107B

MD5
27236395ce59c88a97e8d0dcff44fc45

SHA1
e55a2afedd85914131073021d5de4b64dbdbcaa8

SHA256
fa0ff36fb3b2a396905448ad1a9d3d0425699424398f9b0fdeadc7c4a961f997

SHA512
cba3e76fe2f3ddd71276a26adfb7aa70843bce3ec761356a6f2f3ddc601ca9158a6601b6933d5a4a7342fb92e4be80fc2c851256e85f816a5c3063f6d69aa77a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_1379321696\manifest.json

Filesize
111B

MD5
fecba6c3128a97f09a1173779924be7c

SHA1
41645675ff089fc6059bbe1ed4b049502241e7fa

SHA256
7ef57c6645a8d144047d276b5d41b153c4dc63cf3627c32db018ae64b4e6d92b

SHA512
c1193abe0bb4a9359e8e73332475995bd042149f62a67e67d37549993c7130589db809c53657abb7a0f9c518f975f270debeaf7fa70327a81b8bbee233035aad

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_1729641044\manifest.json

Filesize
73B

MD5
d0d700d97af7329eba4106663e78eef3

SHA1
3edda685dd4c1784f4367145b4bc33c0931a3f52

SHA256
e8d45358e5cf9c0d78c905f62747c374e28c0b3104fe63611f795271d68213f3

SHA512
28c97cf9009557bdaba19edad046bbe1b0dc6b1c826402beddaa19412bf854fef8bd58f9faaa5091bcd43fa55c65bb69cbad9d2b9b222185e6a3cecddfd3650a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_203900855\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_793683527\cr_en-us_500000_index.bin

Filesize
7.6MB

MD5
dba10ee1cbdbae8bf4ea159c6e8f2f7a

SHA1
357357f8bd99f8e575f48109161bb66e80dd309b

SHA256
87aec4e97461917a0c97f12ce3be335fcc3e2e4934587aa1f4e64d27f7616031

SHA512
f9ffc6747dfe3515bc586664e3b5480f467dc34f747b6ae26857e00dfaf8ab8adcf379d29b4a2cf3e321511382f84e21d0e4e825bc7ea2b1a31bd165483bd10b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_793683527\manifest.json

Filesize
108B

MD5
6d4c0f3876842b2761a7d97e5fc9a6ac

SHA1
4844746ce3448b84387706d39d207358ce0edf7b

SHA256
76b22350844a8fed2d6a876c48b721d93cf9f6f3bd29eadf4e01010a7854299f

SHA512
9a544831da18cb4d53690b2588e32a65005cfce61608f7a399b3bf1fc5839adbaea42e37826198edc440ead013821d874ce14031e31a8716cfb2dbd631752095

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-bn.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6272_883476119\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\7z.dll

Filesize
1.6MB

MD5
3430e2544637cebf8ba1f509ed5a27b1

SHA1
7e5bd7af223436081601413fb501b8bd20b67a1e

SHA256
bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa

SHA512
91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\ctlrpkg\mbae64.sys

Filesize
154KB

MD5
95515708f41a7e283d6725506f56f6f2

SHA1
9afc20a19db3d2a75b6915d8d9af602c5218735e

SHA256
321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

SHA512
d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\dbclspkg\MBAMCoreV5.dll

Filesize
6.4MB

MD5
79b962f48bed2db54386f4d56a85669e

SHA1
e763be51e1589bbab64492db71c8d5469d247d5c

SHA256
cb097b862f9913eb973c6f16e1e58a339472e6abae29d8573c8f49170d266e8a

SHA512
c45ab55788b2c18e9aa67c9a96b8164c82b05551e8d664b468b549cced20a809257897cdfbbd49f3a4804a4adcc05323f21c61e699173a93dda614e80d226de4

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.36\mscordaccore.dll

Filesize
1.3MB

MD5
3050af9152d6bb255c4b6753821bc32c

SHA1
7a20c030a6473422607661ffa996e34a245b3e2d

SHA256
97468531d7009e36c338b47fb19e0c6bf210f013610f413c852a4cc27e84b514

SHA512
ad07c4b0bb995e80a1718d74992afdeb6c2c4f217e72f361691e2d04dae9be9cd8e55b50fd7172d73755b02b6105c00a3b67534ba9469d92f9e0fbaab8e8f1a9

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\servicepkg\MBAMService.exe

Filesize
9.0MB

MD5
a91250ee015e44503b78b787bd444558

SHA1
fe2257577e22f4a65115745a6624465258065e8e

SHA256
a43179b449c2bab069cfc055de0a3e9e5f3ba378fe4306c19f2b999325a2c7b2

SHA512
8e321a20d4bda5ad203e3880c0d4ec741b55ebb3c74250f365086dd338b61eafe79d746b53ac786fc2bb9defd21e36fddc1be50e11b89ae8b337568f2c939e36

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\servicepkg\mbamelam.cat

Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\servicepkg\mbamelam.inf

Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Windows\Temp\MBInstallTemp7cd83fcecdc411ef8a26d20112bc8c05\servicepkg\mbamelam.sys

Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
memory/7424-9126-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9125-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9128-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9118-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9127-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9129-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9119-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9117-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9124-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download
memory/7424-9123-0x0000019CD9EC0000-0x0000019CD9EC1000-memory.dmp

Filesize
4KB

Download