lumma | 70dd0e733bfb7ad587d5766a4905288aa4912e81bc499268e31776a805cb20a3

Analysis

max time kernel
893s
max time network
901s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-01-2025 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
Size

1.2MB
MD5

ac155134de0e4073ffc1fc3c4331d49f
SHA1

5f376da75612a3ea2340693820ecc0f92d857b18
SHA256

b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349
SHA512

584aeee314e0eab71870dadc1ae32d0e6b67de9a89f13081c7e30672f37c5f6f7da50a5eb71c68110adb6327c83a24c0ca4fa67b8e1cbc4950ff370594845918
SSDEEP

24576:7QfT6WUppc/rPx37/zHBA6plp+51CEr3a8JFUDmx9MN5dz6Za0Mb2Ohpt2l:ONrPx37/zHBA6pGPK6xMzApM6

Score

10^/10

lumma defense_evasion discovery persistence privilege_escalation spyware stealer upx

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\132.1.74.48\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x001100000002b418-7183.dat	acprotect

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
4240	BraveBrowserSetup-BRV002.exe
240	BraveUpdate.exe
808	BraveUpdate.exe
5008	BraveUpdate.exe
4976	BraveUpdateComRegisterShell64.exe
3640	BraveUpdateComRegisterShell64.exe
4836	BraveUpdateComRegisterShell64.exe
1636	BraveUpdate.exe
1516	BraveUpdate.exe
3044	BraveUpdate.exe
1636	brave_installer-x64.exe
2596	setup.exe
480	setup.exe
4000	Ninite WinRAR Installer.exe
3800	Ninite.exe
1480	setup.exe
3776	setup.exe
3840	target.exe
2396	uninstall.exe
3276	RarExtInstaller.exe
4972	WinRAR.exe
2884	RarExtInstaller.exe
1128	adwarefreesetup.exe
4800	MSIStart.exe
4992	BraveUpdate.exe
1500	BraveUpdateOnDemand.exe
2728	BraveUpdate.exe
5144	brave.exe
5156	brave.exe
5584	brave.exe
5604	brave.exe
5648	elevation_service.exe
5676	brave.exe
6016	brave.exe
6048	brave.exe
5304	brave.exe
4980	brave.exe
1744	brave.exe
1824	brave.exe
5720	brave.exe
5832	brave.exe
5564	chrmstp.exe
6912	chrmstp.exe
6964	chrmstp.exe
6992	chrmstp.exe
1608	brave.exe
6232	brave.exe
6556	brave.exe
6604	brave.exe
6620	brave.exe
6584	brave.exe
7068	AdwareFREE.srv.exe
4240	AdwareFREE.exe
5812	brave.exe
672	brave.exe
1068	brave.exe
5004	brave.exe
3024	brave.exe
3244	brave.exe
5768	brave.exe
864	elevation_service.exe
4728	brave.exe
3560	brave.exe
6832	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
240	BraveUpdate.exe
808	BraveUpdate.exe
5008	BraveUpdate.exe
4976	BraveUpdateComRegisterShell64.exe
5008	BraveUpdate.exe
3640	BraveUpdateComRegisterShell64.exe
5008	BraveUpdate.exe
4836	BraveUpdateComRegisterShell64.exe
5008	BraveUpdate.exe
1636	BraveUpdate.exe
1516	BraveUpdate.exe
3044	BraveUpdate.exe
3044	BraveUpdate.exe
1516	BraveUpdate.exe
4800	Process not Found
4992	BraveUpdate.exe
2728	BraveUpdate.exe
2728	BraveUpdate.exe
5144	brave.exe
5156	brave.exe
5144	brave.exe
5584	brave.exe
5584	brave.exe
5604	brave.exe
5584	brave.exe
5584	brave.exe
5584	brave.exe
5604	brave.exe
5676	brave.exe
5676	brave.exe
5584	brave.exe
5584	brave.exe
5584	brave.exe
6016	brave.exe
6048	brave.exe
6048	brave.exe
6016	brave.exe
1784	Process not Found
5304	brave.exe
5304	brave.exe
4980	brave.exe
1744	brave.exe
4980	brave.exe
1824	brave.exe
1824	brave.exe
5720	brave.exe
5720	brave.exe
5832	brave.exe
1744	brave.exe
5832	brave.exe
1608	brave.exe
1608	brave.exe
6232	brave.exe
6232	brave.exe
6620	brave.exe
6556	brave.exe
6556	brave.exe
6584	brave.exe
6620	brave.exe
6604	brave.exe
6584	brave.exe
6604	brave.exe
7068	AdwareFREE.srv.exe
7068	AdwareFREE.srv.exe

Modifies system executable filetype association 2 TTPs 7 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\PCProCtxMenu\ = "{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\PCProCtxMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\PCProCtxMenu	regsvr32.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Windows\CurrentVersion\Run\AdwareFREE = "C:\\Program Files\\AdwareFREE\\AdwareFREE.exe -boot"	AdwareFREE.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
66	camo.githubusercontent.com
192	camo.githubusercontent.com
261	raw.githubusercontent.com

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001100000002b418-7183.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\gu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\uk\messages.json	setup.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_241074281	target.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\af.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\fa\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\hi\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\tr\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_bg.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psmachine_arm64.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\id\messages.json	setup.exe
File created	C:\Program Files\WinRAR\Rar.exe	target.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	target.exe
File created	C:\Program Files\AdwareFREE\AdwareFREE.srv.exe	msiexec.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psuser.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateBroker.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\en-GB.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\nb.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\fi\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\ms\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\vk_swiftshader.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\sr\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_hr.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\el.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\cs\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\es_419\messages.json	setup.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	target.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	target.exe
File created	C:\Program Files\WinRAR\Default32.SFX	target.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	target.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdate.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_th.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\am.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\he.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\hu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\nb\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\sk\messages.json	setup.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	target.exe
File created	C:\Program Files\AdwareFREE\AdwareFREE.url	msiexec.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_cs.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pt-BR.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\lv.pak	setup.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	target.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdate.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\CHROME.PACKED.7Z	brave_installer-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\pt_PT\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psuser_64.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\bg.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\ca.pak	setup.exe
File created	C:\Program Files\WinRAR\Zip.SFX	target.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\sv.pak	setup.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	target.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	target.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	target.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	target.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\Locales\vi.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\brave.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe	setup.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe	brave_installer-x64.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	target.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sw.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ta.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\BraveVpnWireguardService\tunnel.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source2596_399382155\Chrome-bin\132.1.74.48\BraveVpnWireguardService\wireguard.dll	setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-en-gb.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5812_2065990971\ggkkehgbnfjpeggfpleeakpidbkibbmn_2024.12.19.1218_all_fv3otvkif6vzxcwwn5ycxdrxpq.crx3	brave.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_ro.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\Installer\e5f10a3.msi	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-sl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_950293964\nadeem-choudhary-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-pt.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_fa.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_ta.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_256626971\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-la.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\manifest.json	brave.exe
File created	C:\Windows\Tasks\PC Optimizer Pro Scan.job	PCOptimizerPro.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_920428727\1\clean-urls-permissions.json	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-mr.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5812_887382677\jflookgnkcckhobaglndicnbbgbonegd_3058_all_aczk4nvyzcvpiqa4j4f6y7sra4za.crx3	brave.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\BraveUpdateCore.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_is.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5144_361377307\extension_1_0_1034.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-sq.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_549310192\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_vi.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5144_47997216\extension_1_0_10165.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-ru.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_682922815\manifest.json	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_bg.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_ru.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_920428727\1\clean-urls.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1937719294\ssl_error_assistant.pb	brave.exe
File opened for modification	C:\Windows\SystemTemp\chromium_installer.log	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-de-ch-1901.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-de-1901.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_950293964\spencer-moore-3.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_da.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_pt-BR.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-ka.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_2082945216\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_950293964\nadeem-choudhary-2.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-mn-cyrl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_682922815\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\Tasks\PC Optimizer Pro Updates.job	PCOptimizerPro.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\~DF4B16F10DA4DCC300.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-gl.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_fi.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5144_1103618742\extension_1_0_11.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_1354092525\manifest.fingerprint	brave.exe
File created	C:\Windows\Tasks\PC Optimizer Pro Idle.job	PCOptimizerPro.exe
File opened for modification	C:\Windows\Tasks\PC Optimizer Pro Scan.job	PCOptimizerPro.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_gu.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_950293964\StudentNTP_Sam-Richter_x0825_WINNER.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-hu.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_950293964\spencer-moore-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_2136232495\dnryisldmaqljgwaxeqbuuhuvrbboqlf	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-hr.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1246324907\cr_en-us_500000_index.bin	brave.exe
File created	C:\Windows\SystemTemp\GUME013.tmp\goopdateres_hu.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_259985719\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_1188452573\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_784869954\manifest.json	brave.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 5 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Setup.exe:Zone.Identifier	WinRAR.exe
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ninite WinRAR Installer.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\Rar$EXb4972.41265.rartemp\adwarefreesetup.exe:Zone.Identifier	WinRAR.exe
File created	C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Crack\PCOptimizerPro.exe:Zone.Identifier	WinRAR.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
3840	msiexec.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 2 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\NetSh	PCOptimizerPro.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	PCOptimizerPro.exe

System Location Discovery: System Language Discovery 1 TTPs 28 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCOPtimizerproStartApps.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adwarefreesetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdwareFREE.srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdwareFREE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCOptimizerPro.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ninite WinRAR Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ninite.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveCrashHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIStart.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1636	BraveUpdate.exe
4992	BraveUpdate.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001d3755855d3e98e80000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001d3755850000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001d375585000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1d375585000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001d37558500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PCOptimizerPro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	PCOptimizerPro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	PCOptimizerPro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	PCOptimizerPro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	PCOptimizerPro.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31156731"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3608306321"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe

Modifies data under HKEY_USERS 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133816827551974178"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\WinRAR\Interface\Misc	Ninite.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Ninite.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\WinRAR\Interface	Ninite.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\WinRAR\Interface\Misc\RemShown = "1"	Ninite.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\.DEFAULT	Ninite.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\WinRAR	Ninite.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C021D009-DA33-4564-82F8-BA95410436F6}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ = "IProcessLauncher"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BravePDF\Application\AppUserModelId = "Brave"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\NumMethods\ = "6"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods\ = "4"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C021D009-DA33-4564-82F8-BA95410436F6}\InprocHandler32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\AppUserModelId = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ = "IAppCommandWeb"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{431F0B22-1282-49BB-B84D-5D5D79B3B848}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\psmachine.dll"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc.1.0	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{431F0B22-1282-49BB-B84D-5D5D79B3B848}\InProcServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\ = "CoCreateAsync"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ = "IPolicyStatus2"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PCProCtxMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C021D009-DA33-4564-82F8-BA95410436F6}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods\ = "41"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods\ = "12"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\VersionIndependentProgID\ = "BraveSoftwareUpdate.PolicyStatusMachine"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.mhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13B35483-DF37-4603-97F8-9504E48B49BF}\VersionIndependentProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\LocalServer32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\1.0\0\win32\ = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\132.1.74.48\\elevation_service.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\goopdate.dll,-3000"	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{247ADED5-C3DA-430f-A8BA-2F5CFD0A47B9}\ShellFolder\Attributes = "4"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ = "IProcessLauncher2"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ = "IGoogleUpdate"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\VersionIndependentProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\goopdate.dll,-3000"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\shell\open\command\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	Ninite WinRAR Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Ninite WinRAR Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	Ninite WinRAR Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Ninite WinRAR Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Ninite WinRAR Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1	Ninite WinRAR Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Ninite WinRAR Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410	Ninite WinRAR Installer.exe

NTFS ADS 8 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\GUME013.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Users\Admin\Downloads\Ninite WinRAR Installer.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\Rar$EXb4972.41265.rartemp\adwarefreesetup.exe:Zone.Identifier	WinRAR.exe
File opened for modification	C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6.zip:Zone.Identifier	brave.exe
File created	C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Crack\PCOptimizerPro.exe:Zone.Identifier	WinRAR.exe
File created	C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Setup.exe:Zone.Identifier	WinRAR.exe
File opened for modification	C:\Users\Admin\Downloads\AdwareFREE.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
4908	b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4972	WinRAR.exe
4240	AdwareFREE.exe
1592	WinRAR.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
5144	brave.exe
5144	brave.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4972	WinRAR.exe
4972	WinRAR.exe
4972	WinRAR.exe
4972	WinRAR.exe
4972	WinRAR.exe
3840	msiexec.exe
5144	brave.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4240	AdwareFREE.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
6480	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
5812	brave.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2396	uninstall.exe
3276	RarExtInstaller.exe
4240	AdwareFREE.exe
4240	AdwareFREE.exe
4240	AdwareFREE.exe
4240	AdwareFREE.exe
4240	AdwareFREE.exe
4240	AdwareFREE.exe
5008	brave.exe
1032	brave.exe
2460	Setup.exe
5288	PCOPtimizerproStartApps.exe
5288	PCOPtimizerproStartApps.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe
648	PCOptimizerPro.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 5000	4556	chrome.exe	82
PID 4556 wrote to memory of 5000	4556	chrome.exe	82
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 572	4556	chrome.exe	83
PID 4556 wrote to memory of 3264	4556	chrome.exe	84
PID 4556 wrote to memory of 3264	4556	chrome.exe	84
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85
PID 4556 wrote to memory of 476	4556	chrome.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe
"C:\Users\Admin\AppData\Local\Temp\b6aeaa9504f00fac2d435ae3a419153df0000681def7d87839b47265b1391349.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8586cc40,0x7ffc8586cc4c,0x7ffc8586cc58
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3248,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3504,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4380 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5352,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:2
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4968,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4660,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3740,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5392,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5388,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5172,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3320,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5768,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3456,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=2940,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3332,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4480,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6104,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=2944,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5504,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3368,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3340,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5612,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5324,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5060,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5800 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3212,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6068,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5624,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5876,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=4352,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5660,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=3736,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=3436,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=5800,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=5960,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=1444,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=5240,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=3424,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=5692,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5540,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3264,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5988,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4508
- C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe
  "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:4240
- - C:\Windows\SystemTemp\GUME013.tmp\BraveUpdate.exe
    C:\Windows\SystemTemp\GUME013.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:240
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:808
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5008
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4976
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3640
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4836
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4RjBGOTZEMi03MTk1LTREREEtQjA2NS1FMDY3ODA5OTEyOUF9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MDAzMEI1QTItNjNFRC00RDFBLTlGRjUtMzFFNjgzRDIyQTg5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjU5NCIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1636
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{8F0F96D2-7195-4DDA-B065-E0678099129A}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=5864,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=6760,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6892,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=5676,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=5076,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3308,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5268,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6720,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=5720,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6684,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=5848,i,1395539583132865721,10609842038410205642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:6696

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2932

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3044
- C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\gui53EC.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1636
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\gui53EC.tmp" --brave-referral-code="BRV002"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    PID:2596
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff7bf40e4c8,0x7ff7bf40e4d4,0x7ff7bf40e4e0
      4⤵
      Executes dropped EXE
      PID:480
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\gui53EC.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      PID:1480
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{66379775-7ACA-4C54-AB88-3EEB9384C500}\CR_E0E7F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7bf40e4c8,0x7ff7bf40e4d4,0x7ff7bf40e4e0
        5⤵
        Executes dropped EXE
        
        PID:3776
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4RjBGOTZEMi03MTk1LTREREEtQjA2NS1FMDY3ODA5OTEyOUF9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MzRCREM2MTMtOUMxMC00MDVFLUE0RjYtQjcyMjNBM0FENTdDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMi4xLjc0LjQ4IiBhcD0icmVsZWFzZSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vdXBkYXRlcy1jZG4uYnJhdmVzb2Z0d2FyZS5jb20vYnVpbGQvQnJhdmUtUmVsZWFzZS9yZWxlYXNlL3dpbi8xMzIuMS43NC40OC94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEzMTUwMTA3MiIgdG90YWw9IjEzMTUwMTA3MiIgZG93bmxvYWRfdGltZV9tcz0iMjAxNjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgwNSIgZG93bmxvYWRfdGltZV9tcz0iMjEzMjQiIGRvd25sb2FkZWQ9IjEzMTUwMTA3MiIgdG90YWw9IjEzMTUwMTA3MiIgaW5zdGFsbF90aW1lX21zPSIzMDYzOCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4960

C:\Users\Admin\Downloads\Ninite WinRAR Installer.exe
"C:\Users\Admin\Downloads\Ninite WinRAR Installer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies system certificate store
PID:4000
- C:\Users\Admin\AppData\Local\Temp\55c1617b-d5a6-11ef-aea3-6e43ea74cdf0\Ninite.exe
  Ninite.exe "fd74e1480d5048c6a8a5f17b5d2ffba5a75792c3" /fullpath "C:\Users\Admin\Downloads\Ninite WinRAR Installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  PID:3800
- - C:\Users\Admin\AppData\Local\Temp\57487D~1\target.exe
    "C:\Users\Admin\AppData\Local\Temp\57487D~1\target.exe" /S
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:3840
  - - C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      4⤵
      Executes dropped EXE
      Modifies system executable filetype association
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Program Files\WinRAR\RarExtInstaller.exe
        
        "C:\Program Files\WinRAR\RarExtInstaller.exe" -install
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3276

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\AdwareFREE.zip"
1⤵
- Executes dropped EXE
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4972
- C:\Program Files\WinRAR\RarExtInstaller.exe
  "C:\Program Files\WinRAR\RarExtInstaller.exe" -install
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Users\Admin\AppData\Local\Temp\Rar$EXb4972.41265.rartemp\adwarefreesetup.exe
  "C:\Users\Admin\AppData\Local\Temp\Rar$EXb4972.41265.rartemp\adwarefreesetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1128
- - C:\Users\Admin\AppData\Local\Temp\7zSBE2D.tmp\MSIStart.exe
    .\MSIStart.exe AdwareFREE
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4800
  - - C:\Windows\SysWOW64\msiexec.exe
      msiexec /i AdwareFREE64.msi
      4⤵
      Enumerates connected drives
      Event Triggered Execution: Installer Packages
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      PID:3840
    - - C:\Program Files\AdwareFREE\AdwareFREE.exe
        
        "C:\Program Files\AdwareFREE\AdwareFREE.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:4240
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adwarefree.com/register.php
        6⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of SendNotifyMessage
        
        PID:6480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc7f263cb8,0x7ffc7f263cc8,0x7ffc7f263cd8
        7⤵
        
        PID:6344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,2608388133662166488,17325311416555266167,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
        7⤵
        
        PID:5596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,2608388133662166488,17325311416555266167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
        7⤵
        
        PID:1444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,2608388133662166488,17325311416555266167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
        7⤵
        
        PID:6128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2608388133662166488,17325311416555266167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        7⤵
        
        PID:5708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2608388133662166488,17325311416555266167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
        7⤵
        
        PID:5516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2608388133662166488,17325311416555266167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
        7⤵
        
        PID:6800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2608388133662166488,17325311416555266167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
        7⤵
        
        PID:5820
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adwarefree.com/register.php
        6⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of SendNotifyMessage
        
        PID:2036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc7f263cb8,0x7ffc7f263cc8,0x7ffc7f263cd8
        7⤵
        
        PID:2704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,16391353968834585499,14250287794667019494,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
        7⤵
        
        PID:6248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,16391353968834585499,14250287794667019494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        7⤵
        
        PID:4412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,16391353968834585499,14250287794667019494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
        7⤵
        
        PID:3120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16391353968834585499,14250287794667019494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
        7⤵
        
        PID:5276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16391353968834585499,14250287794667019494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
        7⤵
        
        PID:5360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,16391353968834585499,14250287794667019494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
        7⤵
        
        PID:5716

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
PID:984
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:6380

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1500
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2728
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:5144
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc81dbfd08,0x7ffc81dbfd14,0x7ffc81dbfd20
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5156
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=1964 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5584
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1872,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2208 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5604
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2348,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2360 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5676
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9598189018715345534 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3392,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3404 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6016
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=9598189018715345534 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3412,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3484 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6048
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4904,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4836 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5304
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5072,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5080 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4980
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5236,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5244 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1744
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5272,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5292 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1824
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4828,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5580 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5832
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:5564
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff64b00e4c8,0x7ff64b00e4d4,0x7ff64b00e4e0
        5⤵
        Executes dropped EXE
        
        PID:6912
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:6964
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff64b00e4c8,0x7ff64b00e4d4,0x7ff64b00e4e0
        6⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:6992
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5724,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5412 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5720
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5580,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5212 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1608
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5548,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5804 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6232
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5144,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5080 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6556
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5824,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5720 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6584
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5336,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5324 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6604
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5440,i,7192982189276832221,13518776505680121656,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5500 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6620

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5236

C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5780

C:\Program Files\AdwareFREE\AdwareFREE.srv.exe
"C:\Program Files\AdwareFREE\AdwareFREE.srv.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5212

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5812
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc81dbfd08,0x7ffc81dbfd14,0x7ffc81dbfd20
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1892,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=2180,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2248 /prefetch:11
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2404,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2572 /prefetch:13
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3832,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3912,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:5768
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4896,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4952 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5176,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5192 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5212,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5232 /prefetch:14
  2⤵
  - Executes dropped EXE
  PID:6832
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4704,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5292 /prefetch:14
  2⤵
  PID:6188
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5308,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4280,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:6896
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5520,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5548,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5620,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5456,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4264,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5296,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5820,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5540,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5628,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4516 /prefetch:14
  2⤵
  PID:5748
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4228,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4220 /prefetch:14
  2⤵
  PID:800
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4444,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4296 /prefetch:14
  2⤵
  PID:6152
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4212,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4284 /prefetch:14
  2⤵
  PID:5976
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4224 /prefetch:14
  2⤵
  PID:4784
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5440,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4268,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4220 /prefetch:14
  2⤵
  PID:3248
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5536,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5916 /prefetch:14
  2⤵
  PID:5980
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5780,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5244,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5868,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5888,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=2940,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5332,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5464,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5776 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5008
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4732,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=1288 /prefetch:10
  2⤵
  PID:3448
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3964,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5988,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5468 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1032
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6100,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5844 /prefetch:14
  2⤵
  PID:1612
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=1596,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6316,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2892 /prefetch:14
  2⤵
  - NTFS ADS
  PID:7144
- C:\Program Files\WinRAR\WinRAR.exe
  "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6.zip"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1592
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6360,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=5776,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6256,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6620,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=7975251259580250118 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=6096,i,16121143727709911781,11195596941754854239,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:4260

C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5964

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
1⤵
- System Location Discovery: System Language Discovery
PID:788
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5356
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5976
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe"
  2⤵
  PID:5868
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4004

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
PID:5420

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- System Location Discovery: System Language Discovery
PID:6004

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6.zip" C:\Users\Admin\Downloads\
1⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:1420

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Readme.txt
1⤵
PID:6412

C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Setup.exe
"C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2460
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll"
  2⤵
  - Modifies system executable filetype association
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:5380
- C:\Program Files\PC Optimizer Pro\PCOPtimizerproStartApps.exe
  "C:\Program Files\PC Optimizer Pro\PCOPtimizerproStartApps.exe" "C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5288
- - C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
    "C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe"
    3⤵
    - Drops file in Windows directory
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pcoptimizerpro.com/ordernow.aspx?bit=32&tid=GLF&tidsub=1
      4⤵
      PID:6236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc7f263cb8,0x7ffc7f263cc8,0x7ffc7f263cd8
        5⤵
        
        PID:6292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2080 /prefetch:2
        5⤵
        
        PID:6304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
        5⤵
        
        PID:5228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
        5⤵
        
        PID:5276
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        5⤵
        
        PID:2420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        5⤵
        
        PID:4876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
        5⤵
        
        PID:6716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
        5⤵
        
        PID:1568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,3646866694667113325,15774938828049615287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
        5⤵
        
        PID:6868

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Rus\EN.xml"
1⤵
PID:3124
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\PC Optimizer Pro 8.1.1.6\Rus\EN.xml
  2⤵
  - Modifies Internet Explorer settings
  PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Installer Packages

T1546.016

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Installer Packages

T1546.016

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5f10a4.rbs

Filesize
10KB

MD5
a2fd91d4d1b44dac64348050e4c5efa4

SHA1
8dff79a9231652ff16ff476f462da9651daa2d2b

SHA256
3a9d0857498ec32931df747ed4026b9c6cfcf1a88c29cf639d34a94c99fa2486

SHA512
c43c56a4e5c7752155f00ec87e068452d1abe37f9ef5858e9cccea1a85da12a64a6dd0742f4658f36cf437e663e2040f95d9de2cd5f91333d7d32485782483bf

Download Submit
C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\setup.exe

Filesize
4.4MB

MD5
68cb538abee1e6f982bb3e227f644880

SHA1
8374784a94675c9d7a7b6b8642288b3c9a24d1ea

SHA256
f570090435611bbdc706203e57a4c3e767f179608c1ebac48e72decb2895d659

SHA512
2e1f70385858f95ca988f0eb7cb26279b1f0fa6a0339d9dfeb10758acfd64c16f7a02b3ffe284f26bfa8499870448ed34cfbd55560595113c3bce3a61989f195

Download Submit
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe

Filesize
14.6MB

MD5
e3eaf30b68a0d5d7ecc66ee20245da04

SHA1
2f5971b17b138dbcaf16a9a8edfb742e6720ca92

SHA256
81ac2bf8338d5068bf224a058b9da8f45cf7cd19f76ead74dc356a1cab305dc4

SHA512
a29084862fa8095d0af4fc353223a5bdbde241edc88d637543d29f491dabb77b04b32aa0c92a10fbdc5c4ca47170a02380ef6c84d91ccd28c2253c779ed7cec3

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
477KB

MD5
d36be447f422abc82276af9cb2f2741b

SHA1
f3ba2f58a88086f1b420a7520a5439a9eb851b79

SHA256
82a495858708b726f26cb86e2fbab8df86b9008a671be4c1f6c4f24ed3013735

SHA512
b9f5ffe578185b2f112d0bba21fdd6677d64986445ff971e9f6e8aa87a4684c0722b97a473150aff2742929fcaa79f6e336bd05d462bbdce149d634eb2f2d3d0

Download Submit
C:\ProgramData\PC Optimizer Pro\LOGS\REG_LOGS_01_18_2025_14_19_56_PM.log

Filesize
4KB

MD5
d226b677008e812ea5855a31ca1cbf11

SHA1
18574f1b9a966696815ecdc6eb40528ca09cf7ef

SHA256
c19bf96fbd4960376506eb4810b1bd35e38b51bf5b6e5939b0b242ef785f99e2

SHA512
5ed6492da64daa1d95db57195a0dc505e2e862841ad35228d26d8917049b061779524423a184649d2946ac0107a6dbfc2dd2276f7b9b30a88e607db97e6263e6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9495\crl-set

Filesize
614KB

MD5
4a3598f18279a2f5fc2df5a76dd37892

SHA1
a9553a49e8e678a5a07f277816220d1cbc66e8d7

SHA256
de6ec7221aa7ae542219e4e2b4cfb39935ba35b2fc731896c27458af02dff2ef

SHA512
5a4f0f98a8660dad5d80b164d688174a4a88a4bcbe083ca82d382c1cfacbfab338b51e0a056091de044a347bfbadc59a3ff74bc845ebdba12b536a7e741b0faf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
19cee928c0eec6d67b2bd432e3995887

SHA1
8ceb5d29d8bc0f43a0e418fc9ffae60bcd7e4b49

SHA256
c814cd0e74ffd63783b8488616bb87538997e8c35d07adff3368b89bb38de3d4

SHA512
1d88c156a41c724986c36dd6b3589a8222614c864884dc50d6c395c48b8b8a45cd13579c03d3d794e3dc2dd3dacb2bd76cfbc0767d117923d0415915d304a3e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2024.12.19.1218\Preload Data

Filesize
16KB

MD5
3c97222c910c2aa1fab0c39a1c8d2b11

SHA1
c794a8758b4fa74c7aa9536effe9bfa774822e7a

SHA256
c7b91efdd09d75b47036e241eb55a238065ace2c26cd8f31328e8a9f4b4102b4

SHA512
3220065c655bf174c466d9ac03d3040e419f30d081983c23a757d2c0c5e4720aed2c71e88befc0d8b6987d6abd6a25289731d7f4fc9ed6348a1d762f67032153

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\68dffbaf-cc4a-49a4-8133-b0290c08a9f0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000014

Filesize
102KB

MD5
4e3b6af6455d4d44be1c63a654bc5079

SHA1
ae1a035747a25df844cc71ac860a9f5ce7251a23

SHA256
384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6

SHA512
ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
26KB

MD5
cb9730521646fef01a3a198ece746240

SHA1
245b35fade029a8b7d6c732dfc79d38103fb0352

SHA256
c0efb52a8618a35eca8aeba777fabacce01992addaca8e89cf240f1f04c3cd71

SHA512
e144e66230ac5d72c986e979a19e0bda6b3d6ad6cce29b8ea26cb4908e650057e436513426f85dca1474379d96e2464893a5e79a505549d7ea6e0c73b65c02e9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000029

Filesize
23KB

MD5
f837d382a885a07c34a3d4bf4f49373d

SHA1
68ddceef1d164a48d9d01d4a74f26b7897323229

SHA256
dd05e326cf8eac3b55acecf29c842ed73e6e6dd06491cf47f7e8800680ab3e33

SHA512
ef010d89971c4f69af7bf541430364c56245a5b63ed730fe628e49f48fa9e201c7f42b1e104eb14c3193bf79dd7ce20244f6b963e9996eb8308c0d61f444ece6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000042

Filesize
23KB

MD5
e1b3b5908c9cf23dfb2b9c52b9a023ab

SHA1
fcd4136085f2a03481d9958cc6793a5ed98e714c

SHA256
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

SHA512
b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\CdmStorage.db

Filesize
160KB

MD5
e9fcb41b1fee21cd572a91184c8c23b8

SHA1
699099abc30e0d96c364a68f967bd2e26a1535b7

SHA256
68590788b1ba533d2f2ca85f81dc711238a37a095722823f5651177b38fc2b61

SHA512
30393a706900f3ab4f16ff326a7a9da68863ee254c2c9bb5d8bcfc95239f919b8bb3c392c064c1bfb86c23344769ded300f2c11284ecf89ee8a09d5284f968cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
66f657e6defd142efa6de92ebc5b3e1d

SHA1
05a106971c505289e0d38e0d06934c861adbfc58

SHA256
301c4ac758b2cd71ef3d7d6029011c5cd7c5c80d0908775e5a6e0b1f068a2ed2

SHA512
ccb62530ef030aca429b4efff909b5eb57a26d66038ccbc05af12938fd5076016825dee4c5442aa5dd9c488021befdbe2b19cfa404b7a0327dd0c48bf6c58df8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3ac55533da06df74d76bd7a5d6f4295d

SHA1
b30825cbb1c606ba8c2d063f3cd7d88c69b8e4d3

SHA256
952ea70de24a0301b7c2c5b09bd05a163d99b301cfadf37d2c5a21f17f5bdc08

SHA512
adaaee86279727b47b072a4d22ae811ad99d547ec0fed05be47efa7ff16bb8688054db86677b732305fb18f354eda359318bcee9effb1d4d5e382728283bec0a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
16722074ed3422353bbb24f2ac872681

SHA1
d16656c4b51ba1fec756e31f2d9a7b2e9b11ce85

SHA256
c8b2d49cd18bd67d1dbfcbb19a8ab4176a0d920475e2085053276d9e9745224b

SHA512
fa15d3b991ead2aa14cc97b13cd3d1f56596ebf494cb553aeea8377f5ab45c40be8f34405ce8d9e69bfd9f3b85efaede817854a60ce6733dce137c973758e49d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
e0e06d89d561424486affc7453e74f9a

SHA1
b127b2448f23eac52f51db1c7725518b581181b9

SHA256
eacfc34cb386cd4d52082b3f65b4ef24d955007a5f9675396c3011d84250c37c

SHA512
1b2a8ae5575fe71be3d4186bdb5e9af7d495b106108c279b1464edeebde4f19e291bdffee6b10bbf57d20a427d886800e96713444c72b88e5a927399497e5ea3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
88fa97ef4d5cae199cace411356de014

SHA1
676ec9457f50196e6b99e3610170f2ba528f1350

SHA256
c3dba4bce1934a86b9b93f07854f0a6b675843c34fa67740cd3755805554c743

SHA512
4a7045f215f4ce5ebd14cb1a404562f516277c42a3dada567753d6f416333792051669ec004d1b67332ec7a7bbabea3da7f254da9a3db3bcd1a0ca98c44e6149

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
195B

MD5
7412f64f0c53f7f85c5c3a1392f7c375

SHA1
d301727df04fb1f014f5f08b48edc2f37f66720e

SHA256
d9f543f26faa7a10b9158b1139f01fc1e8e5fa84a50356a4916fc1716bdfcf81

SHA512
9b8ce1c14435a7b40428452deb47976ea2e090d9894aa52b6e86246fd6f16aa799e87ad3cd58cfc675885393447f9a0988e1d145a79a017c6c0ffae1399b795d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata~RFe62eccb.TMP

Filesize
188B

MD5
ca9fc8d86e0f1d5d224829ab1cac8732

SHA1
28d04514602e38a3ebbe73a968b449ee9e4c52cc

SHA256
10835da29afcebc6d58e2edd63d36147af9bf29039784db9038c10f7e3d2ab68

SHA512
b5136f58890d0cfe7a8b22d5ba5ff6ceb23860c74a83cf890f2e563c99bed0a9bbd2a4465f0eacdc0563108524ba251ad8d84f8a357bab4e2e089978679868c6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
39f396e4cf138920391b909b646d2c9b

SHA1
7b26ef00027939c997325edfb3c8d409e597b5b0

SHA256
b023d4dc02406635eee4f096b22a96c57d93399abcc1beccbe9bde8ae2c33ee6

SHA512
ae1cf1dc0edac71377a09538b684c4b79386f072dc73af1d9c3cea841589433ab7260b2649c621b65fd91010fc4b203c98dc3a930ffdaba6dbebf5f9dd874289

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
559f67b637e607673980b459ccfc869d

SHA1
40eeb36bfd67380816988b45adb3df59b1c625a3

SHA256
4d8f3dfdc7391852d54f1a8b334ee30c5811824c62b1d19be062ed87e175eb9a

SHA512
20c56428afc961e4d70786b31a5c205465da41d27ca837f83ba1a89024159f09acd9fcf6cdd251f1f59ef8238fdd671027f50badb63dadd01ed8a919b5e492dc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e281df9162a65658d4afc7d0983c930

SHA1
66bd880438e626f0e087299a2691e9ad1edb231f

SHA256
c6e0b9c38422dfb0796cd5b3291d0d576f3737028c8d3366e50bf73c3e360778

SHA512
c396f2b701c2850253dd2a3a7fd0a738f760f46b09286184e3923f3e2f9acc24773bfe864bbff96cd5b16bd33277d2fd05171ea64a50fa3c5c8a14457371267a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9d6239ca4a645597dfc9835521c57c26

SHA1
c95f2dd605022b61d6dd70205b3cbc4a988f680f

SHA256
12eaafb7c5cec9810d5e18784a73af7cb89394a7cbe9fe149cba66220190350f

SHA512
34b3050aa6b40f5973def2731857252e5496d2a1865253ff865ef470cdb951c446ba4199881782746a183aa4eea009a347684d688edbcd758f2311723cef7d38

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a77c176f4d33e22398371d81e8001fb5

SHA1
464a1c3c7e31b5f320c852b9a913ae68cac4b938

SHA256
91dfa35d8d378a08e2d245e16f988d2891972eae40a3c0083c9c167b83ff1fc8

SHA512
c08647f10ecd6d4fb61f2029f9bc24505cabe50292977c56b9d588308c9cb832f62576ae284e4fce1a14910b74d5027802bb0a38515f218d3740f9d6ec17e220

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
368a6fd61864402ac8881aeb49b6644a

SHA1
9459aaef97d7132f9683cc2f535139185d22908a

SHA256
128e50df785e61a234d415d31a5d1a62afa5e6b73eee68d3a7f7d40575be25f5

SHA512
1d3648a4bc4e3add329741ee871cc3c1a0542b141259903b36ff9fa9d774314f12b4fd4f6d59fa75006adfe515b0116fe849848f98b30b279ead0be8fc667cc2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
393b0f9d53a078d7a22f43033dac27fb

SHA1
5ccca06f11ffd3200485026585947ca474937941

SHA256
54ea57c98d74ec6f866f0ef8bc303ef68ba101d558acbd9fbdb7bd2d251d501b

SHA512
938d9eebf25e3593aed46fbb023aaa5df6dff39fe3ec1ce663d46cf099e72dc6df6f4ef473bf7b9566b8dd0377cec2fcc9a0ae1ccd0f51e3fddbc479f276504d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
76a51068aa96165e11e11bf0d74d9978

SHA1
30c121dd8318502e714717949ff869096c4a6ed3

SHA256
7a7efdfd04c35a8c13e86a52c38f70f8a341ddd749f8a7bfc617159551b68258

SHA512
edd78e998dcc788b509e7a86cf2590960f2ee9d507c7369a8ca3dc0358d949ac32992b55087e4d58077d720a00f570189a86057a7120867d8d593c7639fb1bc0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
917413408867fc01828ec670396c2f6b

SHA1
85b1c148dd2fe3e3ff3d68ac81fa54c5b9a70c5c

SHA256
b23977cc6cafc4c4a87de305d89d3309fdd4250507baef81eaa5318594b04b53

SHA512
e33849b16379fb185f75b2873c6c8e9d812424db334cd5374bd190924f1dec95bc7ee56e839f672373428065088cd8e821ea91d75d08f3e04495c9539b7e0e02

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
def4c027bd2fca4d94b9acf088cbe0c2

SHA1
b367ace32a82c7ebd9b571d62722284aa3116757

SHA256
f67d9ed6a1f4c63192460a2b56c3384bee65389a6fb81515140ab86aa2e7d4a1

SHA512
2dba770bf3f2f7fb6926344489f9d26a70c72b5eb84309dcc6e4fc672480aebdc087a5dd8e07648ca122fde386521266b087d773006534b7f0ece58bbc30eab8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
62209ef44b083f2089a761ad2972a41b

SHA1
784d375e2d9e47ed3dd91d55fba5e9eb1128f180

SHA256
ce5f436efce31652964838c831e7c693628d01e964a4ef4ba0465c0545220572

SHA512
541e0f0fe338117104979f965522aa2189cc4006953ed1c099705e9aae97123fa4a844e98281250d43046630e350eeea5435cf652cc8c76109d0de13c34e058f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
cad73ddf0b0665f42cb63fd1c6cadcd9

SHA1
a169b5a9b481c068c527ab3e56792f8256a925ae

SHA256
dda33fcbe640c8e49a32fc64323e2837ec8f99b2a95323d920c3b7b1dd1dbe3c

SHA512
bad8aaa9311aebeaed8525a728b8fea7703fca6d07002f78d3745bc23cc34d94651a3308d4870ca5d8bdce7c0f8930cf3c8d4ce5b6cfa726b189c81c213de25f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe6180c8.TMP

Filesize
188B

MD5
1f97d2811696fd4204eb8956f885bc6c

SHA1
e39f12f2874b7e1d59baace37988e3fe57a860cb

SHA256
fdceada1745c19a22a3604b5dcb1ea32d52ade70a7c7babe7898765f5db996c2

SHA512
90c274bbcd90abdeefda1b087bf994b76181e5678c2dda1f244b8935ecba4bd26e60cce77ead5337c6c5785815bf3bccdbe06fec78e1d178689a4b20c9a96037

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
19KB

MD5
65396c3979fbdbcf614ab6a76ff88ab6

SHA1
3135f37a2f34e14436bd0ec86f534467593628f5

SHA256
f801b910a7bdabba92281b604f5ead41686250366186479d7dabc7f2ce083740

SHA512
f98adaa26fa2946869079a8e7c50968710313db71dc5f0b702f786d5f632dfb30f3b76711213b6e43297ddce88886f61809a01516f0e7edfdc3c68d47e2d062a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
17KB

MD5
8de43586213d9c2407db4a821d117901

SHA1
f55f9a00f8e10c75d2d701c428982869b9d4554b

SHA256
0f5e578e169925e9a75fa3fdc90dadb45ce9b00e5423d63a43a6ff53b0c0f566

SHA512
7441442b5dafdc0c4c4f88cf3f6dd204847964b709bf75de3611491ab0909495f6b10c31a66a8cc100f86416f5ba9ee5af6fb62e4b7ec6a05317453d215aab02

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
78a86ebe83771c05c5c4a4131471f370

SHA1
dafd32a2b424af93353e5243688ee4a60880f038

SHA256
3be3e0d664c54116ce152a5d3acb1d7949a4893e3c9cc5915266270f6576373c

SHA512
01294b8d1d98b027547865a97a42da7e4345fd55279e2eeecca7fa5b3c0de3b42e936e8e1edd8bd8a53246e0909710f58fdae991717db99dcd52e4cdc65fd994

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe5ef366.TMP

Filesize
2KB

MD5
8b4cfaee0ebc9701d9082a66a7d820ac

SHA1
1a43f2fc84fe06b262b11ce7decdbd2f2c1ee76b

SHA256
6378ed57caa4ee745450c0dc0730dd73585ac1b568310ea5a8dc1162fb673ccf

SHA512
80e554d4d90ea5c9cc46f9f5e26e0bafccfa85c20a260be2321a56cf3fc5f802015cacedd27d0fd8a145013dfa6929912f4fffd5df0806ea966713c7f9022944

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences

Filesize
7KB

MD5
ab70bbceeabd65be0845e2147bc32d5f

SHA1
0a1dd2fa5ee5f8251390241a8721199431493bac

SHA256
3b8d5017431deb388e392ff2bf2b6ae2f9b48aae26fe7750ea2ad9d317bbca98

SHA512
07fa1f99a10ef3ce4383629309320cd1ae0262c6eec2086f575f23675de745551d5f51c12437a282a425e7de6c27cf4c4579e61391b985c1f844d52b42fa0612

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\a2ad0b6f-e0f9-406f-824f-8ff35f58ae53.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

Filesize
7KB

MD5
d28b6246cba1d78930d98b7b943d4fc0

SHA1
4936ebc7dbe0c2875046cac3a4dcaa35a7434740

SHA256
239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6

SHA512
b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
67e4031c6fcc5ad2ea200ca936c8889e

SHA1
97f9f121f8a3816b7479a8a169aa497c6824dc75

SHA256
6df3ae5a8b55437772bdf951b5c0362469840f1740cd9cca0e5c5a76ae7defca

SHA512
003970566dbddca53f7087cbf6249f1035d57763ea0c8e57463d177bb2aa7dd3256f1872dadccbc1cf295df6a889273eae8a493b873e913832b4a06a1b6ad687

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
4bcb09e6948dbb718342ca4688c7d9c6

SHA1
cfdb5a3aed1618fc28bf78f8ea77e0bc5041afb4

SHA256
4edcbd0ecd0a0193151a3276f08870b4b955edcab9379e11ef6b31c73b340b88

SHA512
7137b20f84e3f75ad78d950ac0841621ff9c183df2d4b04894b812890dafebbd37b7bfabde2b116c8f274a23da8425655c7d4abd9a335ff8e29786a441bd93b5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
7KB

MD5
ad14b74ce679abb4c29f7c7578a42433

SHA1
0b3b1905beb66aeb3d47e08778abcdc7c82411f9

SHA256
eb11bc3f220a4a0ab25021a4750b5fb18296ac770cb42d49d49733097ff50836

SHA512
b558efbc4981df3d6e301c6a6e95390dfe228a8460213623d203454b6cbf46772c0b68ec53d1734f8ce4fb492fd8f0e0371533c19cf4bf462fa05e08b27441c0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
74d9402ab1679fcc47dfd20d24bb1210

SHA1
22e57560e0676ba39a6fec790f3ec754b80dbef7

SHA256
6ddb03ac17d46efd45454a789d0861e5b92293aef9374d8d93a93da55acaff76

SHA512
40a19cd63f7677586da8e8dafd1cc0126ec23a4788d29e01731d21dd70194bcd8b9c4104e0f1e8a3c704a4b68da80d9a8c1f3a55ce8c44934f6aaacfe7d585a3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
f55a19ba83f591feedd314837fe3e0d5

SHA1
eacc25a08a983efe8eac464e8306535331751cd2

SHA256
8897c3b7914bc4cec95d317cfb4b288f077c7f1274eb273878867355522d73ba

SHA512
1a321506f27ddc09d5ea280bc2f5b945f5ae28fabc68ff4a63575f12f09e982e209e1ae00d5050ef84578ed15f615f573d3b50ef1a3a0ba9e1ba040ccb0e8de5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
79e2b854576af79d6247ab0e8025c1ba

SHA1
81402406d647b2e56bc425d9a84efcbfe8e00c0e

SHA256
6bc78add5373d97c348f8e48d5408f9fd49e05ab7b6e81b2ffaa0a7e9f3e1cc2

SHA512
bfd6bc3f667e1110433cacb57adedc465e2d81752533a298b0bf0aa430f6c05f5560a136d87019394ddb5df39bab98962722fe3230cbb136ba4cd2809dda6d22

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
058d065d6b43647b2b7a4183e31d3303

SHA1
221ac6fe5e3f71512d884ca0ed80a7b4ec723193

SHA256
b08f3e251446d013d340c184036166a01ddb44f17baa2de6cceee1cd286d7b67

SHA512
4cd0b99c77eef0b49e1339e572da9a0dff5a02eb1d6b940e550b3746248e3df71932cd12a42d1cbc4004fc5cdef823175529980260b0ac701185bc25557d6e5b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
61KB

MD5
67de19d4c16cd9e8730592348dd887a8

SHA1
99e6d3e19e13424123759906f9df775fec8b6977

SHA256
cada591c84e3d315e823cf2ff89cfc4a7b35c29f928f33a920d5bc86070e5d54

SHA512
770bb12cbc1fbfdf97f48ee180673c7412032547b71deb07db01d15dc2649cc743717f62ad60f27836138fe13faec4f5147963e0f31f60232a9781415f2b8e12

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
61KB

MD5
537f76e947e3fc95e3f597ada6db501f

SHA1
99721fb439e5c213ddc9015f6b8543edc520494a

SHA256
d5665ca8ca59c4be8055156582e2a73a7d97fe795cb5911b84ebb42eef19998a

SHA512
d767748972360cfa17cd75c4d9db545552953a7dd4f84d8e6330c459d544f5fffa1bea74fcffe5745572084e51bd12afe6b155d59fe65f5ec66c65776a3a0244

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
0445109c84ded6828e94d7b76ea4ca81

SHA1
69c831fb45dd27b257a4573a8610fda65f9d2f46

SHA256
9b82850db4b77350f2f35499c756b1824b03180367a10d51ef1910085e3e604c

SHA512
05d5db660caf6ec9e9e7ef7fd8a808cb9641ca17fa57431cf2448ab26675247327f4b6160cdfbadebfc6c6e56cbba008eac505b7b9023374f2b62d0a91bd5896

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
d68290552201bdf71048102b36e63278

SHA1
637f694d9de771d3adf8ca2c495d831675f566df

SHA256
e22770353f9f4c35f2c9ee4d2f5f7134365592ced8393fe4ebdf535afe3ac4ed

SHA512
b223148e9c70b1e9ce0b8baa90d1d73d6a6ba7811602e2ca5f45de1167c74de4b27cf7ec364db593380b61fcc2d66e325a4f9972d1f17d9d7e56c1f648719a9b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
68d6b4d78e19af3cb45ec882e941f3a9

SHA1
744455bfa75a0d9a181e9429cae6cd204ef38b27

SHA256
2c0e12a50bf611382244c02dfd0e0a445e5e8746840ab8270409c2757fbe3ba3

SHA512
d1160d47dbe8930035c6191eb468f4ff0c9b48a815db845ee3113cec0ccb3ad9eb191a3746e386dae499ee41ad457776a5e85e88d656f29056d1f559adb6abc8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
55KB

MD5
729a60c00fa8ceafd90d4db4abc42042

SHA1
3056176c7a8bc45ed94d2d00df26d0439359f6e1

SHA256
80c188d7e6accb1382168fc15659fd2ce86da642770d07c04a0ed4692e87c7d9

SHA512
f012322d7cf1d7097d5d34f00e629a5099f9e441f7cd5fb58745696a81d0e85497a9af3e9c5c02df08f530c1b39f22aaf5008b5ed3cb6c2ac77efe96c751d0bd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
198da8f1f3c6996605a5754ad6c51527

SHA1
2b5ee38ea99866fe4de9956bb08b55fdc63a82ee

SHA256
27addbe16e33ad15ca34251d3021ca9df332027ba88f985ee51248d0f79d122e

SHA512
1904e88ee1c91ad6f7166aad6789d17924efb430c84fcc7c5de140f3138901f406347105de9f179b93bdf2a937ae72eea1a24722b6041c02a9365283281ff2a1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
52KB

MD5
675d6bb927b9bc0d53dced03dfeeb1bb

SHA1
c58d151206a3e18de00acb8530a127d5ed5ccea3

SHA256
a04166206c6e25365244613ebd6778636ef37eaf18280f9f967ee2d552a43d13

SHA512
95efe6e953287977985cab877c439099f8dddae11a0f2ebbec05775598aed49ee9b09cf88c25a17cebc0ef8a3bf24e84976b97bd25f6c7316eead585a9f0c9e2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
61KB

MD5
d2fb656c83eaed1e0f4d2862e550da10

SHA1
17ed3072d898d2bc921d77c00910d338e58ca795

SHA256
fcd07d881bf082821608e3dd41d71310bc6d36538e12b373f5d4c187a840ea07

SHA512
fdd64b7ce71551f47fbe65d4184c53ba227988aaeb6b7e4f88ee3ee567e283516e70ef2441e555c41df49ff3bc9df2414cdeb8cf4e4dffcf4eedaed188c552aa

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
52KB

MD5
03312abdc44ad2ec93cf5ce22ca2e23a

SHA1
3c7c0699108e0b6a28010541112f2bb97c463fa8

SHA256
7c40f9d023e04de3f8433c4fc7ef347c9fce7b47892e714b7c2f4ae2e3f6c620

SHA512
bb58579e065eda33ce7e41bfc87fbeb890fdf0cf4ec9ab45f389447f25aca6fcc0d31f61e40cfb094f9672d3cd9d1b50a8aee4a3604366a8537f84319702925d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
a2ef4ba98aecf1fddb2959593440128b

SHA1
e1f42c43f9c205fa8a757e82c4342570569c3d15

SHA256
09850ad78a664050dbcbc5c3b4e54be428e64969464bf4f8d00671f081edafda

SHA512
c954c0292d908c8ecb87f97f968504d9db81594314a7e12b87ab48d9aa9828bffe7725c0b5978afc61f69f39c61682c5bc4fdaf5d7d97188f18a2714964a3d43

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
55KB

MD5
bfca66f3131ee8ffc77b1fd5327bd76c

SHA1
ca0176dd40095fc04794df3fe087865daa41f5b2

SHA256
b3b42c1c0281e0b76367ed746b868194c2bd4d60e0397790ba0410be5faf483b

SHA512
4b8bdc5c3d7d035953ec9b69a12697de095f5aef1baebf5c0e64785ac856feab5d85bdd9683b45ddca6c27a9b01bf235df324fa83950ca1052421a9b55355393

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
52KB

MD5
e346398040f162ab2fc34a0733f49a8a

SHA1
c0dfb130c6881e23cc445f7e8805f0fa8b19eca0

SHA256
17f8e36524251522472187034c0ab705bffd54b5d25f2cc3057c4efcb0ef43fc

SHA512
3a49b1847bdb75a81e4aae9bc85ef2b7457b7f718adc60ba692f015aa8cf264651bdfb17fee529715b9e1cb33e3c5f0366eb3d15a42f84de40cc02ae1d3c4455

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
70KB

MD5
d0ce71514d9e4beb21a8ce20a8cc7ed7

SHA1
43e74e638db7808bf6b8a446dff8f4aefe05f858

SHA256
ce2a40fdb0f6e9bc60c3a24ce98d65668964467b3151c8a71bf988df0228bfed

SHA512
933383b1c5dbe142e8d0ced7514324ac697b55f30263abafbf7b780c3dd50e90d20d9419b1a62e1c0010dfa1597e44b31aca0a4b47daadeb4a9631eaeef28d0a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe5ed02f.TMP

Filesize
6KB

MD5
de02118e06768ccc7d74541316a6ed3d

SHA1
4239e6b79ad35a346be420fc833141b2d513075d

SHA256
b1dcb9b296a9c829e2316c4df4556365e93eaaf1b0cf7db3a347696f751919b3

SHA512
b359bb4238187bed90163aca5462ab584ec81d773ab3ecb8aa3951515d878884952f9ec172798153e5445920a6224e24bd4df168ce81bdf71994ad3c58a67e37

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1194\crs.pb

Filesize
141KB

MD5
57086b02f74c3fe7b79a5e2e3d852322

SHA1
6420387225ddcd5210175de4f3fdb0ab2be8ee9c

SHA256
a1b5be8d4aab349aff58ed34e1f3bc6647cf440830da0a12a8bd5a1c976c6407

SHA512
b195eb9a9129863e75be603b00b85ecfe46360910529fb38513af6940f9d17efd56f234b47963452329cd85b16bebb5a85ab5d304743e57d33bafd5b59900468

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1194\ct_config.pb

Filesize
50KB

MD5
b75704e3fb403d1b726f6bb6fee24c69

SHA1
d655b745f4b1d9f4453976471104dcfd2797bd4e

SHA256
d404f5d1312a257ac374041f2de3f7499ce21e329ff86c243262dc52b2fd59ae

SHA512
8f61eba2064437534a8e1929b6ba4cbcd878ff9ae1993c8da0c57c272f57c6a298825064d2c3e4a613d8c4497c1b3741591576bac5d09efde530bb08ed9253bd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1194\kp_pinslist.pb

Filesize
11KB

MD5
9620a48bfaea2e0f26b9092c7636e2ca

SHA1
6142d9c77ba11cf12ec2fe746659e9ea95a8ca53

SHA256
7605c62c020ebd914e6942b8468a6c33f0bd6b14de7a3eef361bc770f74bde54

SHA512
4e921cf69a6508b8d43aca6f301a9d96594492650c8f34c00d08627f806df7a364da7277af8ce5d291fa0658eede15c70cf9b19115a0147eb9e8fbe8a52b4320

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3058\safety_tips.pb

Filesize
163KB

MD5
9b8d5611372559bb0c5ec7a5d3f5096a

SHA1
98cb279b6e94e424faf9f6baa86a0c84140bd569

SHA256
9dece439a4472ee74f0a5e239172e6bdf9b05ce85a9f6eaf79598d0817eb6902

SHA512
da044c7790191df4354585aeeb31428300fcd1478191b2d8ca445f90d79c3c61967e777b6dd1e098f2fdbc06d236f819d74392fdf94bb164c1c152f2477195ab

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2025.1.15.1\metadata.pb

Filesize
33KB

MD5
0f83ea8aad2d94a32037e90f2812611d

SHA1
66a2879b881176df793c94f6833441fe153e5135

SHA256
628b2de57b5dde868a30e9c45ffc6ff35a820c93a90d3f4ff61a1ff5396eaf54

SHA512
e676aa774c099e43c00ecd42d2f10ae194910d9b694629abdba763aefc1d2c541cb1133ad3bf74df08fc6f8fb32b3f3047c07375977ee8d0f8bad9eddb7bc388

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.290\list.txt

Filesize
151KB

MD5
9e7546fe03e01da7ea2443e2a51419ae

SHA1
615ac4aa39bba0a0e495229e33fca333b5b308db

SHA256
8c92b2a97b894de01cf075214d12f2b1abedc5d20a0034c9efeb1be828df8486

SHA512
f6441d6b2ff91ed3e26ab4ebaf16a6a7a6eba2056950af0cf4a86490048f4c79faa0969b8893575236184d9dc6de536764dbb2b86775d7b71c58f99d06cf0d65

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1034\1\clean-urls-permissions.json

Filesize
268B

MD5
00acb0f14b6b6c11ce80107110ead798

SHA1
2a40b0217ddea6d507234f236d3889b46ee35baa

SHA256
2e666bd0d92b08bddac4487b184c5612dc408f21fe4f3fab78a7ce1b2fa3f8ca

SHA512
c3a53397be2fcf41702524cb42c8d2b49d4cbde4c5479c6d0d6e92152cd213dd7436d7729906d76ed003d64e806cdf66dda7f3ca8dd4b9f9efabe25ffb76c2cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1034\1\clean-urls.json

Filesize
18KB

MD5
3e6714a16e04d03f205a85f2563eb1aa

SHA1
a76641cf3a4745ae2e4426fb10b73a6af4f1f272

SHA256
3c09ee2c055819d0ce5368cfcb19cd5384e2916d7a5c2332f59ed60b3545b0c0

SHA512
05062fd40cf019b7367c2cf65d2fd219fd4e602111e9bd20b76545dc890f20fc4d1ed798d630bc0821d52ef4c35bd83e63bb84971d10f162d4c6c12eda8526b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1034\1\debounce.json

Filesize
11KB

MD5
89b3c77c6b79fdf5252be739d528ab23

SHA1
bef55bbd5fe8b4d92551618391da721c1dc5ba27

SHA256
066f3b4550e5f6ebe7bc9c4a17e7b64c26a144df206d87cdf1f981634a5a76c5

SHA512
e397d5dac9662ba5185cff7af34ff8b5ee3ba89a795aad18fc1bdef90cab9e45a78b523589b8edc1a0c3fc28fef10bfb84983e0f1df06a8149f33187914f6bbe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1034\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1034\1\webcompat-exceptions.json

Filesize
6KB

MD5
54b1343eed0640cc4b415bd1ef50dba1

SHA1
df0a9d4bc264e7c9325a9d082ddb3ff8dea528ba

SHA256
9344abffe1529919decfc08c1f171600319625ef7ec9a6d63dfac4927d6246b4

SHA512
c7689d95879d890425e95322613167cb6be9c04f207e847fa3f6da4c752413325968a667fd3044d8cf08a74537a1affaffd02dfa33397079bdc603768f757e92

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\StudentNTP_Sam-Richter_x0825_WINNER.jpg

Filesize
544KB

MD5
f66e5fa138432af6b40849484545b809

SHA1
25942df987649a1bddda636686064d29dca799a6

SHA256
65b5f21ccdcbdb23f39baf036ae5eb3999f3e88e241bc57a3a4d1bf0fbfda605

SHA512
29a512f0f028b2c4e53f492f6a4fe27cc88b547334466341b08b70724b16e7eaaf70cb0308e251f404aa6b80db972a553438afc3894440e1b1ed0962ec7a5319

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

Filesize
6KB

MD5
a7e80c8cc5121a2febc654140e53ac32

SHA1
c3b1b578dcbf91aa19e65d0ef6974c165723828e

SHA256
a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99

SHA512
d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.10731\list.txt

Filesize
54KB

MD5
a345a741ee28ec94ceec51f851890d67

SHA1
a01963b569f8ee5e86ce15649ff4d6a7860fb051

SHA256
65d571a113f193a74338161b22bb62d76895c4e476b3e8176723eb37a721ef0d

SHA512
31045d00d3c0b066feccb2a801efad176557b4adc3ca2d5e8d75b85c9a65b1c55415400a5a9ebb5dcd3a7078bd52de2d113a7350b1877a929c71978aabd9586c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.11955\list.txt

Filesize
1.4MB

MD5
66cce91bf4aa172125d5714707d75bfd

SHA1
e677a9bbc91abe36e3319d1d7c476cd573b5f18d

SHA256
371db0b394fca99d13f1e664f26f62a77afedc5646d5e71f79aef0ab8f6391bd

SHA512
a2d806b15f7148f8ee7d737e507497c84efbf5cae4fd2cac32a76c16e05a10a9d8a494a773ee037cd5242a02f0cd91d531d0cca3e4e6d944e32da2670763619e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_be8af71b9ca03b332d95897e6517ee1dac14c2c3ec88732fe9d5807759fb6ee4

Filesize
51KB

MD5
c3417bff3e6f2c693d52d930d9b4900b

SHA1
144ed430e0251a1e014360144515734d4f9c669e

SHA256
be8af71b9ca03b332d95897e6517ee1dac14c2c3ec88732fe9d5807759fb6ee4

SHA512
4c8090f2bf57fcea3ca30d8069e79c1432f13ed427b855192bec28fae2097f6769cdc3b1927f7b4f7a722aa5291502b47c461adbe6010ac4d7945b389abc4ce3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_7a1b58bd8f5df9ba803c5ca865baf4a3607e601859f1dde92c76ce08366b1bb8

Filesize
71KB

MD5
5aab41a1e4d31a4a7396b2e5eb645dc3

SHA1
74b20045f49707e1ce4bb0f1fcd8cdd9f5905020

SHA256
7a1b58bd8f5df9ba803c5ca865baf4a3607e601859f1dde92c76ce08366b1bb8

SHA512
1364986b2fc0ee74ac604558529b7007f0d60550dd36addf64cb613e392b00806e211fdb78bfb6fbd278aaad9e61c87c72edeed503908c6b2ce58147f42596a0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_7fae62586e8ad4ff5259efec00bb70aeeed27f5795b0476c8eb33ef01016c7b9

Filesize
18KB

MD5
6ccd3d4840d560fce073081baa9fa0c7

SHA1
8e9c294be07dd8ef693b03a9cd11d16cc96d3d00

SHA256
7fae62586e8ad4ff5259efec00bb70aeeed27f5795b0476c8eb33ef01016c7b9

SHA512
60c718822cf9a0cbf57358fe6fcb504f7a14a2d4bf4132063f68024ff7e3f3a7fc1e66defd1315af6a843cd1ce1ece8319cf95e48e72830bdc39b10a99271cfb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_f96d5287f995ba6f6617149a54667272ecd59eb893ea34a665e9f388fa859999

Filesize
411KB

MD5
761dd86abf9a18782c491850ae95f6ab

SHA1
eef7304991e5074a6a38d1225de7e03c0f71e79b

SHA256
f96d5287f995ba6f6617149a54667272ecd59eb893ea34a665e9f388fa859999

SHA512
4cb5b8aef6d550be63d44b14d17087cf9012473aed107b82b3ee45fa40d5c68f5394357e0ef143058e2d94310f1d576d20f0df80a817c2bdcd6dd41f34a7e30c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.883561cf17ba8ee650d401840a04dc776311a2ec15de889d0dea2e79b33d5019

Filesize
150KB

MD5
00c7cb9daf021bcb6f6ea00878a1cbfd

SHA1
1035712ab0c7b57755b361f86d7d3ff4ff9aa307

SHA256
883561cf17ba8ee650d401840a04dc776311a2ec15de889d0dea2e79b33d5019

SHA512
49f8186c41212e126e6d580ec9cabd4afed367283fdd6b34190bc06a1a9b71e160943dab9ea1468fbb643e5e5d19baf0449eb60899dfdb653ebbde09ad689d57

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_848ded94484e0a5d0f9edba1dd6fa06fadcf342e4f44a02c74eaea1c5c27eb36

Filesize
741KB

MD5
ec103402ec07aa49391a21bfe11d825b

SHA1
a1407e897581d0f569089c0b98facbb0f2e81654

SHA256
848ded94484e0a5d0f9edba1dd6fa06fadcf342e4f44a02c74eaea1c5c27eb36

SHA512
1d3320cbd8d9ff0f4b95b605acfe298b1024acfb2ed8f2c1cd494e8e53ec8b0b6ce356f78b6abdd73bc49de2d3ca16bc6191bd35ee52cdc0ec68672957f0bdf7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

Filesize
10KB

MD5
81c39099b5a4e221569eeec0a746af7b

SHA1
0601105a54e905370e965cbf8cf78bd6d8e300c2

SHA256
3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

SHA512
42011c20c52733df0116c4661efdce06d8ec70dd38cfae2cad45e4b4eb7cb24ab4061e968e4d5766e4203b8c4caaf2b6727e55bdf78402157a19eca0f2e89140

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

Filesize
76KB

MD5
34f31f85a6b2a69a074939e4e231a047

SHA1
97f6d1a966baa94e686aef7fece23bbf099fb8c6

SHA256
9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

SHA512
20f4d9efe5450e1f02608d382c97bd4269298c87763a4abcf63a5fe0ba62dd0c391824964084cc011ed6cd7db99c19c9b6411b04d42539081f3737dc78a2f2ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.5403446a7302f3c11920b8a3427849d2c1596f9f378f6674b8de6ed1b33b2fe0

Filesize
585KB

MD5
a9a36c999223cb333bab48d71559f201

SHA1
5c7118053f6edc7190a822fb5442a6e0495dbd1c

SHA256
5403446a7302f3c11920b8a3427849d2c1596f9f378f6674b8de6ed1b33b2fe0

SHA512
8cec58d85b38690babb580597e29e46462f3d49cd94365602ef6cd5eb4347e1bcf7de40640c79a70b3df1518d558463f20d3299326ad407eabf8afdef64790f1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

Filesize
17KB

MD5
a1b36d762732f9439efa78708a40dafb

SHA1
6533b78ae795077fa711c67347eabdc88b5a6c6b

SHA256
44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

SHA512
8dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_2ccc74a4bf21425b80c13ab86d922a1a52d48a6b5f75162e3d9939b12c063c64

Filesize
1.6MB

MD5
84278a9f4fc7ce3f2701a5fd8df992a7

SHA1
c5b0f100ec50ab428803311d65c6e68fabff085b

SHA256
2ccc74a4bf21425b80c13ab86d922a1a52d48a6b5f75162e3d9939b12c063c64

SHA512
662aaa5514f944310a1df363725ce094472183b7b591f6ec33e7d1bc07a17c388d46642f9b20c1881d2a28c5215a9020aba0f189d50b3ba47e7394f36d42a8df

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.4871e9fbee798f3aa1612910d64a57e76f2d1b9e729b30305020745b839953c8

Filesize
9KB

MD5
88b5e8d596be36e024564a648aeb1b06

SHA1
753254eb16b07ba4561f4a39978ee61fd915fbf8

SHA256
4871e9fbee798f3aa1612910d64a57e76f2d1b9e729b30305020745b839953c8

SHA512
fcb3e71cd6d7a23ad0e1cb6b6865a9f03a591fd887fa2b1839747feb032f5ba54ec3cb0ced44d6a012cec2f06dd40549ae4ceb8b90ec306fb16f26c9f93c543e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.dd7633c0a3f938350e3d5777455ef21cc9a85acbf27316b4e295bf9888c515d9

Filesize
77KB

MD5
f6d763deb52065a1e989ba71294ec923

SHA1
e8b992cfd955d6047d0f49695431257a3efb9e92

SHA256
dd7633c0a3f938350e3d5777455ef21cc9a85acbf27316b4e295bf9888c515d9

SHA512
2f5e8e159d767d8777b460b6a7a51276bece5c5f655a4faabe267b2059c6472e1024fa13ab065a0a6094dab680370122454ad49612ed762590246c6194cf4be0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.dfddc50886ccee464d4fc01472513db1467df85e37ef600b19c1ccb8a1a4dcd9

Filesize
5.1MB

MD5
be3e537007af657edbb6f5cd2eb24e21

SHA1
2b59970327411f62c4b29d93f4a8582c928bfcfd

SHA256
dfddc50886ccee464d4fc01472513db1467df85e37ef600b19c1ccb8a1a4dcd9

SHA512
b79b69db8c7ec82cb74cd3c9e986e19f6a92450a85fb9c06ccb698377a502a3b010896ef5fc510af94dd4080171cf37d3eaf9e6b935c94960642bd571cdee2b9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1854\photo.json

Filesize
2KB

MD5
3b5a8b4e7805199c2108e7a69c947aba

SHA1
a308e26ce68d8accc163f260a3b97f25c6360702

SHA256
f6328145b9e39e1c0ac6345e6b10ec7f0093c746665e36968f8cfdcf5dca4d13

SHA512
8428ec61754fd2bd85a5c935b54507b62f3ad68d47308f4271db8699d443266aa738fb3ffe2668972f868cba4fae6337ed532da5bccbeef9509395834c08024d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.69\list_catalog.json

Filesize
76KB

MD5
d1d6a9d9cc2ada3f3bad8b0da607f4eb

SHA1
1d286de6436a8a28584744f022af73077ed64601

SHA256
f1a889c0f11e2642c299774f601b72b5cc51e86bb1fa7514cfa9f4fa1a9538ad

SHA512
4c43a10995b91d2791a8274813f005feab48d83078fb8b51f026266ff524ffbc53c41d507d801101a9a7f765453ab4b08398f4e743b6beb08036b72e40b82934

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.10165\list.txt

Filesize
5.5MB

MD5
5756356188131fabbf0e1a423c5257a2

SHA1
e476dd95cbb6d5d682e0bfbfbd33a503c75e04db

SHA256
17438af770b283ef42971d474fc33a6461f09b35a1e64d36bb291d5f406a5265

SHA512
e439e2bffaee73fd7e9f051ffb155b3e3c2a6b347a77508ee6880963ce9e8c6d2e21d26a6e71781cabb1dc16417d5f76fb519447991039a13ae8a0d107664d4d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json

Filesize
1.2MB

MD5
f7e232619fcd50a55c3df6ffbab0245f

SHA1
f26eff68192fa88acc08ed97979c258f8f534a33

SHA256
f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7

SHA512
bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a92a887cae5b4ba57f004ab0e264f743

SHA1
b5685ef6bd38e71cfdf6d59bd602ff2c6462e10a

SHA256
77773fe12df327d78a225195697d6d5df4b408ec218a15ac87e6502901c8d73c

SHA512
e40ab6412654611b26140b0306e3e4cf0597518ad5a37159c6639ed0ee3925ad90722f0afe9bb657fcee08def7998be1f9f41798b4eb4608caca19f43592bfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
72KB

MD5
12ec32578358877c92e6d069c908c847

SHA1
e30c0cf26c31e6b2704d97f49a8288847bebd0f7

SHA256
9cba0015bd7bf0068e37a8ecbb14e39b5677936657ef8b675619b1427f98d08a

SHA512
5fbaa12108fe3fa52d706e8c564caabe0db509026998eb2770b9b66a6610fc3c7dca1fa5b08fff71d429e4b608ef03454ea33ed26668c9894f2766f2991049e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
408KB

MD5
da52c9a9ae5bd7cb00dc0a60fab36af8

SHA1
3a0e0936adbc558ff97ba94f4d56848bc4d5ff5e

SHA256
fe38a48bd553debeedd7966e1c793c6d1ad7bf345da66ab7a72508749168f5db

SHA512
62871b56edd81cb1e3355be1fea2aa97f84eb01fd3aeee8621061a4d89681ca7cca53a481777b765f5f3e1d9c789432cf98074d805ef80c85b2acf01876e2d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
109KB

MD5
0747e8720d72dbaf549ce01e1e13be75

SHA1
b7e09287df1f6e556cc0a7aba2c92a0c66c38ccf

SHA256
5a232483f8f020ec4e5bd92b98a3de68149f695d400b5daa37125e6a7ef7fd52

SHA512
d6d045b64b86d9d19adc42b1ae2d2ad561e1ce698e709c2c76873638fdb508d2c1fa8cc40659ee88e771ab3cf26af78fdd079ff04ffd0b0d26ba84f96e381545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
261KB

MD5
b7170c96bea5675851995f377446ef09

SHA1
a358a12c9c668b0075cbdfe126b08f5160615518

SHA256
7d422829cc466b51b5c92c25acb21d9ed2e5f513137ab863137658d60d383c1b

SHA512
49e024fb52841a4cf80ed672e72aa9cbc24e361636e6467163ceaba2cfd518ec7207929450bd99e72615d5c112fb850255c8fa5a0e2c5e8d10e15a1f4a8242cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
170KB

MD5
4af46130d5b80f728f09177a9fe1e25a

SHA1
18e5cd00d401bf7d14056c83d9b39dce2980eeeb

SHA256
f19ff3bfec951f80c0f172296a80d4d4c8c2de69e5ea5bd70bfaf23bad33ef72

SHA512
1a0170969947d6f48705943dd3330107ef80bf53f7519978e5d68c9ec5f5763074419a792e9dee6c9642c1b6e9682c2047fc61112bb0c68e347825ffd7895d29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
323KB

MD5
2e2661b05533b670b989bfa3e455ee32

SHA1
ce6d431f031a5515c422f8374f9c145acf179ba6

SHA256
1c644db19d4474c728ae5db851c0b3ed4fe16461f6231d35bab8416e41c520de

SHA512
257681cb7154aa68d3c1889d776db4307444b0f9022b70dd3c57c55833244e648e328a034a1eacb665a6960663f61792ac0a972123fc15531afe2d1468f9057d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
34KB

MD5
d74b9d94121977b55b511eb72f20b014

SHA1
764c6faec43aa5abd0da58468bf14a22d44dba63

SHA256
aa3247aed53ac3005eb62ea8e51ab5d0e4bba6fb14f0eaade2be834b46bc2677

SHA512
1faf9e03370e7fa9787364f3fdef36a96222217a969ed815c9e37ac8d3f1d6cf7cd6816177ae3d8c9e380f99ff2b4256f43d5482860ae06bee17f21b8245d492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
41KB

MD5
3bc2b6052ff1b9feff010ae9d919c002

SHA1
dd7da7b896641e71dca655640357522f8112c078

SHA256
483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

SHA512
0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
59KB

MD5
2d9dc2004eecaa8e34f218ee405a2bfc

SHA1
75645021c0d61ad15407ba7174f6f9e54cd6707e

SHA256
85cd255033ccadb721701b349a89b0c9d40af8d42aa3dde4200aba9e197a409f

SHA512
f486d452d49362c94f0c3d1eb8b81942065fb8acc5530b9cf6fc461f3c9669852be2f47f60802a72d4cee15b9037e68038d8485011b4a6a7f64f24dc3f287aee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
20KB

MD5
7247e91eedf36d653790d6d0a1c8a4e7

SHA1
88281d63857f377a82426d9ab6963249c37443c7

SHA256
bd6e42e520f77a213daeee8749872b2ef6b220f7864e72c90f78fdb916861e5c

SHA512
7780717bfbb9661b6715f46c89b81e0241d2a7305893ffed317b0ad5ebf57548552b6ad11ce1518f6bf20aa5671bcacb77dbd86f9b484abe4b7dc2071c4c42a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
37KB

MD5
83285c0f09ac865af1341a877da170b7

SHA1
b4bb4604cafbfee4be8a3338a402f066e25eb785

SHA256
84fe2df4a392f96823bdd0bc333c72a774154fdab3ac7d1c5a55248685da80f2

SHA512
19198d23ad6e9120b5453e7e0b370ad7d049401d407ffb2325589ea733cffa0f2ecd62f06d6fb1decffa8b275aa13fec132c1be7498e3e2fabcd37c2fd03cd6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
40KB

MD5
01c37712c53beaec90552077a4235057

SHA1
0a1b1f47f36052ff504431b8cc75aab470ef2b70

SHA256
aa3bfd95713e4d5c76703b2ef5267b94dded413f000ba3a46ac391086831b38e

SHA512
be81978f7854a3100ec49d4c12a730af96df1e97e35fe182fddf8db6124c6780913a17210e4b268d261a9e107ed75811833d698e85d6ca325847a1ffad895b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0ae4a118f4dacd08_0

Filesize
366KB

MD5
d2754053bc76cf674e12cd186002070f

SHA1
b1bf4910660a6d9970385ee99e36d324a7ad8482

SHA256
9b266ffac5d2eebb18b9c26174b1fd79e3a36899cd7fefcf835129a9c0f86f23

SHA512
f6064d85e11df9148499fcb8c00c04fa317792fe6d0849e59d876945493bf98da6b66c7d8d055a7c25e81730c71df67ffd028f68dd3b6da9814690af90a6ab3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0e13aef120a0a95b_0

Filesize
19KB

MD5
fddcd5a8adf02234f779de0aeafc09f9

SHA1
c3e4f37d64eb03d3ec17f7a429968c795a85e686

SHA256
0181722a62069d3c9d620461edc8567532603fd8d7bc8dd0d4e7af81369e651a

SHA512
a6917bc7a610ed8ec2979c0b93cc0b6475e619fb1440d6db455be52a3bdf4d3f77959c15b37c43cba76e601ad76455f727193ab3c030aa3996e0d1191c292114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\657a4f5652a6ac1f_0

Filesize
20KB

MD5
28d60571d01b5ef47a784dd086d964a1

SHA1
b0b810c2efcdb30991291355d4096c33b59819e1

SHA256
0e0ecd9c5d4fe5be61d1bffd44518de53db399ac55ba6132966425b01f675e4d

SHA512
1f02403218b4d4802a9825868d47dc546207b6513a4d74baaa6638089aacfc04ca22ee66972f2b95ef412b7637b6ff9818778eecd0ddf7e7db858fde4579ebe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\72dc43174614cecf_0

Filesize
1KB

MD5
6e16700d4fef556c2ebb3895f39870f3

SHA1
ee3c476c3df2ce5f8ad3c6f83511228e1b47856e

SHA256
e88b17dcdc388f446cedb4df4ae0efa11949e44f0988999a54459ac0f43c0fef

SHA512
68436e4cdf00ee919c6aa3aff54644a8d128adedcc618626d577997d40863beb66ac1105e8ff7c273628fde0e05787e2628d77ce7eac95969e059b6d8d958df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\74fc0de40d7d6570_0

Filesize
352KB

MD5
382373618ec6ccf403b67d0e355f3024

SHA1
99bf2a6f45f12d622359a77552d6ec55810f2aa5

SHA256
1c3952fde5f13d4f40d050726af064dd463414252109b30650e947702b0ce68f

SHA512
4b000dc3264139e7b0503d5e1e9cadd2e571451123d712a7e090da29d2974de8b842d636e01cccb28a2030ee1a6eef0b2ae04c39afa8873ef87092e4cfef7fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b45bec2f662efcc1_0

Filesize
2.2MB

MD5
e3fa56b0b0e12ef47354bef3e5a35216

SHA1
95fde26d9e42e561cdd3544c3148fbcf797b3390

SHA256
2f8d434083d33e1e5570001ace1432c8baedb5901e09b71e37cf63182e5fc7df

SHA512
fb5ecdbe1a9fa4297f856809469b0c7364891cc9f7a1346ba935ed030d3486b723fea6b56c5f75e798fd06013f81e82617fa4666fb07263736dda8571687a59d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b567495117dea8b3_0

Filesize
280B

MD5
b5b206d1f41fbeb46bc669702ee7af97

SHA1
555efbd2477b7fa0aa88ee7814e3615727705c0a

SHA256
27dff8af360440b6c54cbdf62d3dc61ec2679ec4d533195f631420b52f3dd347

SHA512
6fe57a3b21e43f8c79fb618401a55632b237f55bff5d3815e0a2200eaf848dd6da6c1c5f47f505d52cebbb1edc5d1c1ec377568e8d9c2bc8dc329bd18046f167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b8110f3b765802c5_0

Filesize
3KB

MD5
a7c834e97f27ee59f433103511787dbe

SHA1
7483959c4b5e973acda02ddc92a754d5d71d3c64

SHA256
8e3f5d47b3e572f21bee544ebafbde4b5bb67c522a8ead840317b56e8796ba92

SHA512
a7af94f695711e54adb2c0fb43cbd04b780e62665ede42567239332543db1f5cb505a4902b9c516be2504e0916a54cc8a9d534db56f6cdf0064877bd000308a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c0afe0d14969413a_0

Filesize
289B

MD5
d092da5151b76ebabb29576a4e3a01c2

SHA1
047d7c72d6528561b49255b4087ea4c05627d7c8

SHA256
3c6522c1cb58ae53a1eb34d13340115a508e33b99efd1a8c249267d9365aa377

SHA512
9de50290ac5648935ac66fe7f2242c3a6a9620904fdfad0168022d29bdee5ee0821d80310402b4fc243dfb1ed3182d14ef5d7c2e2f62a2be7b81a2f032e2b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c329c4670fc15e0b_0

Filesize
352B

MD5
99d1ca8770f1356a37325960c4cbafb3

SHA1
aedd3856edaa36a54933c61829b2b81de742a2d3

SHA256
0f30619c6a46ce13f01fc7703f81b94ffc3183edac1c61bb2d6ecf437901b3e8

SHA512
374f1685aba0dfc897006591e26d9a686ca40ab9c172abf7ef75936202c2a846f03e82a0868ec03334791a531afef40d1d61f2f9376b1bb8f7fd1dcc3ab86f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cd7c640e1a52b099_0

Filesize
281KB

MD5
2da5fc0c747fd9c0255afd62d7e37f14

SHA1
b76006628cf834b7a1836220334b19936ab24e7c

SHA256
72da07527dc1434ea9dd9c8ae9ea2e78bed270a49367e5d24eb6252a5f7baa15

SHA512
cee5c53e6dece1656e322bd3a00bc7ef5eef5d2a860b1a6f01c06a3e49215a6753f05058e0a57f50d318887e7b0a36b5e239dacd1c267ea076bd7acb9a002e2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e6f070329a351dc1_0

Filesize
280B

MD5
9e19a0b9a9040c27e19401776a10ef8e

SHA1
682a5d4be379bd14a9eaad6c9d477c4486975065

SHA256
e45db2f6604f14b0b7d59cd1253284f39c25afe5315c292332cf1ac3d190cb01

SHA512
847c4d8c07b307cc7e43ceb4f136233062e8d3524dd3b369e3ef659ea38fb3874d7d515b11a658066705f0ae049ec34f7e16ecbfbf0e51cee29f122dffce7fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
10KB

MD5
3a68935d54ff994f1e4df5b9d3c3ab71

SHA1
585afc4bf81ddad6470c97b93b03b80c47bc221d

SHA256
1e39302ac9a96243c11473479c5d3522632ae457de8b114db8d0c8bb0679ca14

SHA512
bcc937df5cf05100917687b9815a7a1153d6d0826c2e1c2bbbd221cc56f231ca199b3e8e3d0f46554c9336bbfc45193b1050c9ec69146e1a3740a27411688b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
9KB

MD5
e75741b291a613719701b961af11a314

SHA1
7e608b5768f540cb6bd529735f7730f6b0ccdf7e

SHA256
5a2c4f4e80174316000ea67ed16d447e8df7fdc47c6f37e50e199b3e6fed2ece

SHA512
710257f611edb66565f7f98d946eeeceb26cdc1987290bf62be0a8e503e01d55b173020526d072a14bb8eb76a4c6626f89c53b853ff171df0e5a92cb6a1f87a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
fae3b9a403968b6363da4cacd35c69b8

SHA1
18c69311b91d1960ff159a119d9d9eb46b36f6c9

SHA256
021f3feafa078315e1d1f1d93a9010c22e73d34aca33ed5b8e3c5ec826aea846

SHA512
5b5111b40df076c0379bfb1def9d7e2f10d196cd54ad576494ea648e40a4a476c80afd0afd7e71b36618bf09b4b7fcc9a17209f4bf5eecb506dca260f6d53a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
67b3a12e33d33ee9bb0c4714d9c05abe

SHA1
c8d6fe4aa276319bb1f64de32d7f74ebeef07b5c

SHA256
f41f5dea2e9481f7297a72bfcc653f4d390124a05e21820824a85d9a32b7a3ce

SHA512
35fa06ea96c6f0ba9774a69955a44bf3311586ac10d1d2a8f145fe6bce2bd19cbfd5c19651f1c4cd898edd78510bc8d5c8eec20d61888aacf3d7758d982ed840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
512cf98014d7b9929cb0698799545efb

SHA1
ea202d261b14554ff3317f58bedc1ea654a35e35

SHA256
39efd23d33a4f18026f001ef7d8534e27e627945ea57020047a6af26b777db82

SHA512
875fd195aa9acc6fe952488a244130188ed8eb995004107efd0279a1e65add4c2c8ca30ff656114f5014eac94df5685e327fc974f333bf717d47b79f84285f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
f34488a98602b1da43cb725d6e7e243e

SHA1
a43d487e37e8d1d145ff3aa204c2e551b28f5728

SHA256
407470f6689c444ae8a78fa680be6adef982b1da6b521224e86b7fb3482d99b7

SHA512
2c37244545e74cdaf1807b2583f12ecb67f1f8f32c062ca9eeb66cd4d632db33844606fa019b67d05a849a7418987ecc36e1d611312c1fb570be823f0cdb22fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
c2148993611cc0698466d4f6ba904d80

SHA1
d14130aa161ba59cc5af9f9e0f25327caf9e0356

SHA256
a1597e0141b16201fd4114437e75dd3351d671c4930fdea2b81688725133a733

SHA512
fa0b914efbcdfc6d3b51cdfbedaec4f9fce2f8b1bd8a6628d6c4a1ee36713897d0b6d348e5785a98baa771940c9d8d47bdab57d078be95066bb26a6ba3c1e057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
227521ad040394d130eb34836f568da2

SHA1
9946388a477c89fec34060a5163a84d770d51327

SHA256
dde7b275ee422cdc8994f36278046d83830fcc3e8f0b40aee07a185e4b4c267d

SHA512
f80558f672b44bd1774f65245faadea698498c211d90d5966316545acc739469b5792aebc52861b058c253e03727bd987693aed75cf55647fc57bc7e5398e8e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
771cce62ce410b50265fbacc34e92ea4

SHA1
979aa4997c6b92140cbd977f3b50da60a7051239

SHA256
bf14e4484c7fbb456e4ff41f8e57d7902ffbe8dc425fa8dfe131804b6aa73538

SHA512
eb9be5d1bcdf73f72b27ac57acb7fdbad821f3aa51783048f53e9cf17d71e875152187a32e4cb0671463af12ab9c14c71e73d1176d152c04865a7a2402e97632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7754464e49f594e4ddfe09bdfefd688f

SHA1
ddf7b1d76aad3e67c1b5ab6c3c85aeeb1bed6834

SHA256
ca78f6340143eb75b708351b38b0fe35d98e6322b41080cc52fe577526ae16c6

SHA512
059cd6c2985e784c1835a385eedff26467080f2e4a72b1a3cc1aad2f6393ce1dac74c62d41278b91cfe69e04d8fbf7b8993a83e48d5239f2967c350dff7383be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
f26021e70909208821743ef81d41cf7e

SHA1
4cd0c6aabb66e2491116aae2810386f311a6590c

SHA256
9b2fd5bd5b76c439b7a2137c8619aa62b8f9b0f20e5f2d5bd4fbd812d4a5ceda

SHA512
9718b3a6ef690fb88fd0e0d6f8fec58106243856359c74bce5ca702d7e779dd04f9a0ecb1e5dd452b1a804b8dbccf36dddf69017188c9c48b8b74020eac334fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57735129990538da913da7dea5d5db0e

SHA1
4efb3d254f9de1ff287d4b847dc733cd6de481bf

SHA256
7d9bd7b38e08e9de77c07c746c517b123b41ea9bbe9b3b6b21069f9a3ff5556c

SHA512
d5c8b74a5d7876fb5779b9b10df5830b2c0daa5843961eca0adde24602ae7bfc3caf1ad00f9c5262e66972bfcd8c504f2e3f9fe0dd6828d7362c81fe7cf6325a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a9b5e50122402d4b887d25c3a44d7818

SHA1
c1268cb59045a35962f3c578ef14718a01c697ca

SHA256
18ccfa4d2d4b1219bcd820670be42b4d89477598c9ccddf674e0b572c9a3aa68

SHA512
ef01c8309077084c0c1a16d22493f8137fbb8146d5e6f19a71346e78086a600bd68626854f83de9a0851f9fee986b1d3f090d4ce8428a450b0c4caa91a422fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
46f2cf4741fda8d3a1d272fc2c60e5cd

SHA1
fc824471422eaa245a573b9a1ebc135871f187db

SHA256
5da606b65f190d13ccb92aaffd326b4c36d9cc334b77f96fb41595108d7ed30c

SHA512
247e3dc4f2c83c601f564bc9f85cfc03cb625c594c306369f562917f32db605c361c65d4b1d363144d014568c6083655789084ca6dcc7d8df43ed28b33243c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
436501e14d9814087426ebd672117fc2

SHA1
b65e4014a54fddf4d65f9fddcc37cab8793f4e73

SHA256
e5620eadc05aef7db8d160f60307cbee26be91cac2f34b2a6e42ab3260252778

SHA512
fa073c5bce7cd2acee6e3e6aa8ee5d18be56b61546b15d18bc92e56f083e0092dcd8392810734affc787bd17267ec6572c32ce9843feeafa1168e806723e2c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c11761187855faeed8658faef01eb6f6

SHA1
02d4002c7b948b376ef8fba1770fdee3e9482304

SHA256
70b2bf22cf144b369a2a4d72e93f4c91c4e5366a65ef290168beee3d7440f24a

SHA512
c5980c6667fc8b60bcfaa87bbd50c4da0bdeb41562616f3900fa552e6160fd645d9560f139e1c32123ea9d45440006957d2ff2efce7a4fbbf39d9cac7dc92c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3c254214f7b05a7d64156f5a0737f0c1

SHA1
e4b2eaf7ba9eb540a099c4924dda22ec308c2346

SHA256
d3795b08b87c54c56005f729b58564e5a5149c6b43c2c2b3bbe2352f51da2e0a

SHA512
cfe35e043920acc6c0d96ca2e4d3398463c299f0a9a202fdb2242ba49691a9c99397fd0f83705807da248f12454178298a6e2f00c554a62621f8ba7d0ec28b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1a1ac1f9097ee1c79f18a30319d9a3a7

SHA1
3b9fa7df1b1e75dd4ab2c4a95179d10e80b1a297

SHA256
7809b04105bd30c4827624b154d833325f7b48ef971ba6ff2b135b2cd27c2dfa

SHA512
0460f1b8fc375d8302adeec9ea4ce58965a172a8da0a74087cf2c71abd8966a3bb42719fee690842604a807cc6d22a15684f4c06a375b69cfb634b1b7e51bd4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c266f32a52056b34382f1e76933902db

SHA1
2306046d00fa760ed0037caf2aad5e8567af314c

SHA256
98e97625f12190ae7f8c8ca593567c580e1fa82c6a13eac91c8f64af551a2a16

SHA512
1d4a6822b9558bbe8b3dcbf08d674672586e750a29ef73a4fd21047325e5b84d242e749985bbce1e22ee8da8f0eb5df57d990e5365a0a93f254461f235b4d5a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f6a0c73efdb8d66e2b9bc705adf43526

SHA1
b0d2aaf8ebfa216038e7af867cb86179b4a04f31

SHA256
ae762b232e6a85f7314676d162b140a162e92d6b529a4db8f7d682a34d5ae669

SHA512
30272e6e5df86ac7aefb12c2f21da93256dcf1e03e5f36f33e2f26c86bcba5aa96bccee770a9070867f2c2dde07fe157c6337daf346e577c16e8e7b083c30342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b82b8b6023350f3be1b2980ab9143230

SHA1
ec8c1f499dfe15d3fc5edbc3efc696dc5accab8a

SHA256
df6b15c7fd6b30cdaba465083e100265f7c4b9cc15ebd7528e187cba23631c36

SHA512
62be8ce328c01e935b31dae1e0c7b77446bb98fe2f83eb8a00e81230459781a27d26a69ed875e7d8c46ed9d2da0064043680882b26cd869bc1892a28d8f4e4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9592ab660933f9edbfa3e9827f757d9d

SHA1
e620457ca4d26d9f6a4d79317292edf425d40c3a

SHA256
c6c3cf0c740c6dec6615a1bb51698c63c055d474aecdf3250f30da10082324b4

SHA512
cd3b138b3be765d91151c4f33e71e3cd8fe8f22d495e827f5fe206938b9b143c50917b4f3a247c9d9565c72f882e6ce40ee3ec18d1bacaa00b0c574a5eb90954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
00ec416f6af2581f1ccf4dabb5eb90fd

SHA1
e9e8af91b6907ea8670e00e39fd0f3166c5fce40

SHA256
52fbeac0e2190ce32ea9b2ca179f5913f45cb8943d86f61b3eb30725e17e9ef8

SHA512
1015fe5c553ba986b68a09b33a49726c5e669e64ab7ec0d10de0c36ea3afd6382dbd399ee508f25ea33099baef59441a3bdb0cbc412dd4e70cac659a6dc3912d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
986c871999dd411e9c23a49db91ddf40

SHA1
539316d2db40ffe6c0a9ce0eb0bf1bddd25fcbae

SHA256
05efddb6243717076a0b02d61efab6d559d16a45c42a60331c68cba39ae4ee82

SHA512
3bf855e89cf2be3fd2705abcd613b8d69a8f51908808e9d2b5686fe1c763bc6df8016bd048675abb6844a461b3d7b33ef15f6d2e7ac1eae045bbff94a58a4c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
61aed10c918fc10036d4d2e8786c8f99

SHA1
5dddd5d7b423c19190134ede7712747c51d78978

SHA256
882147a3068fc1432483ab4aa10e95dc494fb1fd22a1e6e2a9286767a92f872e

SHA512
29c1b88e26e9efb089b2d035764954919ad0a1fbf5aa4ad4597c8023c81e847fafa9c8d498dd675e62d263403f7ad432c850d649925dcd3993ee951928c2125d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
59d51c63ed9e46565680d4e292d1d2af

SHA1
2345e777190b3e589307b6057ad87cd4f6d129ae

SHA256
6db729542695fa3a987b7240c44c1d3fbc4fc6e0524d3eb6d153c000a14d2aeb

SHA512
cce455d8a60e650551e3ab4fb6a51e1c3bb66e6573939a6fc2c3af75f878269f8f8c98c8f9444173fd88479aa20f859309a8b4f3bde780f5256297bc1712ccbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5eba2bd4856cfbddbb3c5a17837bc24d

SHA1
1fc99d5094d999af57c240c88a3fb694ce93ba81

SHA256
ccc418638738ae8f6bc014b82e907c3e9810a79bc6538367b29e0e8182f9ab62

SHA512
c680be37d0275a8f6a62074e606ce179e78daddb0d9be773da21c46c3f99310dca1308250cf7e2284f5e7390e2ebc93e1fc91866d6569edcaf8a633341027afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fdb4d1419988f7a8e362ddf378e22a0d

SHA1
2c3a29d752bb33786ea2f29e6ca4837c6ac41c5f

SHA256
4bc7b0d83cef19e2fa8d6e4f9c271d847e3d646109ba4a1c95b713f46d4a98c2

SHA512
6d91f584446e81f6e732f1beb0a2bca1ac8372cfc1f03d27d0481270a6b6617081571be49aceda45893a3af7c110dcf735090f4901c153a7a2633d96c8e5de85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3035e52252b1e0f188131a7a31673af0

SHA1
399183074e71e5d6d5a2f18be4be44eaac4bf743

SHA256
baff4f8e642d36031b97986470205d5bdfbbb5896f3d4383a9b1b8a2e7e4a050

SHA512
2020ce1e578282bea846da85af61cbc3f42edef071879fe57376881424f7643365ce83e1597db03aa0ef8f9c2f21bcc72f3602424c4b3a44e53adf90ca492e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f829d46368446cb038469f4538e1f7bd

SHA1
464c44670f6834c91d405a2b6eee84b6d392c270

SHA256
fac363f0ac2dcd1fa552f8eb5a9ead3671b264819fd88fb4040412f8312d7e28

SHA512
f79865ec6c87e397b3e99d910bbdaa2f87f34c68840aae2ffd89857b4b6f841a93f5e5aefb3acc15224e303e04bbe9178c449142778c2d550b61b23088673c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f4ddf645000001861025632578ec7c30

SHA1
72423d04aebe5f17c8e4489eeee229717fad71cc

SHA256
14cb6dae44fe67f77a96fdb6c356f3733a4fd88f9afa9b1ae9a7e8365d4f7457

SHA512
36667468d5706f31ce3a5a85c85d9144dd7d529c03ae9a5bf999325dc6789fb083aa378be893b6608075f344ef09b1d2fc6f7ec19cc4361f15c3f5e28d2e775e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9d9a7876ae3f3aeb049de9d9bd2ae091

SHA1
5c881999b0ca8f0aeeaee960cb294f506a022b19

SHA256
4973fd694879ac46799498186d90d456aa8c7432936ca16c811f2d0cbec1a3b1

SHA512
033aec730194165c131ce78aa6b72ac9f89e73783d9d5716cb479e1aed0f21fb70329383b5db2e85910fe909f99b78531c6ff427ecbd5e51ed20b5663e5a691a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b56eda1e72b4ee5cee6478d2c7634d8b

SHA1
cec6ad705e459904bbc5fab2a331b0a2b6e38f7e

SHA256
e03068f59d7324dd804c515a6172aa4ad45f4f0ba83216dc2461360fb0bc06da

SHA512
0cc39955a2157d57c251004f6a2b6ecf66e9f24305ee29761e6d22d1a0406123d30e1927fe2c7ae1d676d9bd03811c8de762273cb5940daaebbc2ac245be86e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3710cefbfedd6102c05803f78db14633

SHA1
f24621b5265ae192605a7363c7331f50080fbdbf

SHA256
a0b08a6fb1a549bef4157217f7b44419e917881e48d15837a9fa50eba55c96e3

SHA512
f9b6a226d2e4a237f670af6cc9313e7fefd174dd585fea6f710d4fb6604f32ba597efa3a2305f95ef02a6c644b1ebecb55af506382c5721a20c4e31fd92ff180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
14ff2f51450bf670241e6b9778f5cf18

SHA1
29fd6cacfbdffc1efa94392b9576386a3a4446fc

SHA256
c1328e6a19558c5f8b84715b93cbd43623f93ca48f818e1f35b26ea4f738e818

SHA512
0813b021d0856e72227658d58f6db827842a1fdd42103ad180abd743a3802dde55a72d3b5ce0238940697fd8aabbfe2a1091c0cab29d8a8926825751b2a6953d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9c66260cb135ac458c4b9caa7a6ae5b2

SHA1
c5f06e337aee380785fb3f61724e8ad3e8804c5d

SHA256
b41851b058b2da85c958aa4472b68ff61f3a948d26213f9ad11f585fca4395d6

SHA512
bfed25404d9fdfe874d0b0315b3ac76ca6417cec3310e21887aa1a4c4b042921ae2740a327186997533280b1d7b3b6a390f3dd12221d03f6d7533111fea29195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e98b84b0905f925d41bd0017fcb510f4

SHA1
9349953ec16d584742fd2ee219909f7c62ef16d9

SHA256
e9cecb12cfe02f90ddad0d1a6c38f33e123ef9a4b55e4b5b06c5ef6ec4b093ce

SHA512
585581ea1f2a4f98b8fec5b7e99da80ca04ae1a5154d662ffe2cc218b91e0d2922074c768a5d76d18bfc9bd763ac227984dd6d22eb6136fde1619e83231a32ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
057d077fa55eedb715e2eb03378b46c5

SHA1
ddbca3fc94dd759114b95e1429da5731585b646a

SHA256
946cc3abaf17fba4b82ff35813e8bca9a6f5a8d8a25da2fac544e7dc4a460f63

SHA512
0e3787adb2d1e61bafc9aa3e25192f988424a4687458fe728058b1b2b4226dce6687b489cfcc178bb7ac9d237583946b5af1c9570e4c15efb76371bd90c808df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
393ae8009d42de18ac1e2c7f3324c50b

SHA1
16140d7da71269acd5abb2fc258d15dd8c639d33

SHA256
6c6941e5d1a929c9f4913e532b45c4ef013d0260709c62e4421721190c6349c6

SHA512
d91109d0e3700419b5b9146f2b2e0c63cac08a0d670e890466a8f9d0a338f5b64591f969ad1c64650eb27d015d9e5ebb710fe73db451f67df45c59a606b60e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4a9f67cf2b8211b8d07ad6a97a657759

SHA1
8fbdb888a5a4aa371bf7e0d05edb49833b754025

SHA256
be7472bdf9d55ce8cb1c64f83a565a1654926ff244f29240f8b3b7c507ac0109

SHA512
adb2b73ade65b4cf412438e56379bc2722df24fb6d7226e45d2423c99a468353c1c1aecef572ab9b32ef21366799df1001cac180dfaa168fe7127b5f1b941e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f2bce3b31ae03e027b3550514c5d0501

SHA1
4396c1f42790ac87f6112d075024cbe7840fb9ee

SHA256
d40f1b6a04f140f2339902bef7168bd4d28a1ab9b95a0f56bc2471f04eb8eddd

SHA512
2c75bc359e7d592e7495ef31479b163463381a94620c9cf2285eadae235b6106d58ec1b40e8447dfa7a29f1cbde43f1489bb27ce5cedcac87fc002013cf7273a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
daa63df2336f7142c4c070f368d08468

SHA1
c58f5db64c3a1348b50eba3852b7aa0bf42a0d27

SHA256
3d6946a12241e82a40144b5e1d6caae6d2859b953afd2f9ddab4b12329e1f9c2

SHA512
9cc5e52d47ac8b8964a01bad8707803e7dcea8191fa98a3ec6984a59bae031770897a243a3a777ae83484bc0629a95c1106195632a87a79b72431a79199fd798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\de02bd03-3ac6-4605-acc0-54b33aef54a9.tmp

Filesize
4KB

MD5
44f4e70da691735614b03bf8e5f3dbd3

SHA1
409c841d2208d5df2ecb057b269d00035d5ab829

SHA256
ff9993027ad85f40d08b3791631147bc038684e7f19d6736beef0d37255ca8ed

SHA512
5d1c5f965e512077a06aa3f023b4bbb6323844f38c15091ed292adbf7258ef27b3d68a53218b62207d4ea7626059b33e0d2c65b404130dc42b08734e93cb4b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
807a034f6e7304f91afc1bd3a13898ad

SHA1
5e4d0f7ab5280775e01543038052f214b0f850c4

SHA256
d03a0e8582b616d111e33807e33ebb93d081de0851289726bd35c21a796d544d

SHA512
ffd8ec49b4c2748096054b18714e48f5b61f867876aca671f61ff565cfa2b7401a1bb186f6a11fcd4674342d6a7ce8049b48e1ea6a79bc7fb0a0ea62bbc29cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
eddbe42a8d561ff428327f927025f42f

SHA1
d962ef0b2a36c143238f49b2bdb506eddef072f3

SHA256
606e1b986f63f9ce8cfd816e8ddcc22d65b4fc0bf3f3cde16cb5ea1a0231a79b

SHA512
382e5f7d4a04eef97601e981c76e2f39735c521ebba6cf38dea66c6a1d06927942fcaa10f7f548afa38d9c12033f5d6d112e6bf0c69c261a2f55588fdad79de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d73015133ee3ed3a0871f8e2f8bef32e

SHA1
94b97e7a0050d5d2a80d2d3a93a5a6b3c04f78f7

SHA256
b46fe049278014fa59808af07965c7a658c27b85de65cb032c32922ac2fa79fd

SHA512
a8c0a8b7ccb308dc576479cedbbeb271c6982547b30a244adeb7e3d1b42e13734e8f10cbcf4ac7cdfe32a752fdeaf5eedefcfda4c5f10b48d9551f74e58a565a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
943c974e90ccaf00d555664945b8c7ed

SHA1
7647b8d4315ddec7182c6418f1f5bf838f27859e

SHA256
e919e801b6cf774ef2674616cae4ffa16ad2bf0bb72e349d21000725ceac8aa4

SHA512
cb16b8b84dc2c487a1e893f9c3d125474bc733b3ede81b9ac304f61522de3b6705dee4a27a647d4ba6e1f20b8ec095fee5f49ac64ceaba8672db23f08c950eaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
106ec64d00090952e3028f410a464dcf

SHA1
7f3deb6cf74cb6238267d4b57d0661b74280030e

SHA256
a8908064af01d15d89931e17639a2973bf501bf1280f9b881d18550d3583d6be

SHA512
075d04f3d4e1ba9ab1475932f15342fe1fa4a77db3ffe6a80246c0c2d3a1d1145d3892ac770cb1afa406e436cb4b96d53c78801ca3d1b0a5a40dad2a91390ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ccdeb1158f1b89d7f526551872f28e54

SHA1
626ce8ccfa8794a0ec10b7363a661a367e1b16df

SHA256
f74438c0a2b4f2d5231f3e4a79070a940298863e6c271577edf8dba87613cf79

SHA512
9e93e39acce09d8bc7dd48db20b368b495a951528e72a450e6f170a4ff2ab21948a40949bcd4facdfc36c67f9775ecb82b4952a941993e7bb2fbbe8dae3238b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2dc8e08a331fd3b3d872fb6c369395ad

SHA1
cc8e316d7c96ef445800e8054689797c63729847

SHA256
ce913fd978a4dac8f81c6a979ced554b211ac6664bacc5184cbdd054a913b79a

SHA512
3e4ee67954d69919004640f2b982b36c980b3a4b6c086a4e037ba658a8188f6715a35e67af225cafc56cf7752fb8943a3e630e4680b4e965890818ddbb83a33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ffb6d4ade8b85f5c8d256553e523a493

SHA1
eeec8c2a50d6bf6ae1e4502d1247dbe67b434c84

SHA256
0410d750ef73ffe396697a40c49d36ccf7f6189bb38fcb05c50e257581d2c3ba

SHA512
b05ed044416bd23dd71ef0e79a26ae67214a9f83be567fb8f5a39f32e8b6fec5cb8ced0fd6f021762b1e9e7eef36b2885762b44cefde4775887e14b93808ded2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
792d173e6480169f5c2af2f30d0382e9

SHA1
6a5a023731f589d1bdd45637d8915e29de4a9df2

SHA256
2603564f5fb8c4ac37cc712688c562c065c8a8d7515d50b21a842586b7bd679c

SHA512
97df137a0c03921dd990b4d90b7bffac62c9519e7f88cddbd3c54adc1ffde6293e97159164cd326234dd80c584f1f1d5f49e4ea65ecbeb82adf939bebbdb1b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
858b8348e1987dd7770ee8c1f26c6bdf

SHA1
0905d6621a8f1ead8539c44891c6ede7cd9067d3

SHA256
256a7b61ce362e115e51d243843701272b15bd9e3f886fe70eb74d12850b9c83

SHA512
6c7639097ee9e097f5640f173cc0e598618afb3950310bb93b4d90ff591744bb03b6ffd7b8545bd08218243bd0881d9ea1bc9f47a705235543627eba9e94647f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15db9458a43ba769fa6ca6eca3a4cf68

SHA1
df711127f8d84a4c8a51dba00292fdf27b73d4df

SHA256
432ba040cc8920cce80736ffb680ec35508e3409eb63a705ceeb977ee6c2d7a8

SHA512
883f7bb0e07125be15577a5d2518e68c4241d6e36255e1972a4c49630f80d309fdb224ee71c1c61cbeb08460067aa8be1331956e5d82f583dd9c8bbb1b3360a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4b9dcf5fd228b54c9eedeaf7fd73cfa

SHA1
ff600d9637d8f566bbec6e30fd2e85d1b8773b9c

SHA256
b85895a79919e95a8826df07583725ba43466e8ce7a2883a332f74b042b6a696

SHA512
bebe722027450dad90d3f772a25156a8f4722db94c0127a9b41c68dfff0c6a7e3e62e270e91149c0d74811e919f9afb943d6d339f383fe731de030fbeb316078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a0e1d76a2a2c64a36bd10ce8e777b0d2

SHA1
2525e634bb2a9de20ec84a7d72d79ab64128fecb

SHA256
b9e497ba0bb1b6a8da96ac4dbddafd88fe9a2b1491fd935ec59888c0310a8bc9

SHA512
f97226a1b58858099fd40d4f57a7de05cd9bd72cd9daba600ca46856fbe4599b288ec659903a6585d76f770194ee8ef0d1e99ce715100414ac1074572a49a42e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1a8b62896b506873626abe29bd31736e

SHA1
752e7361d449e9b5b4bb322ec94c5be6dc9a4868

SHA256
c22a5781cb8d76dbe801a9e04882f2201e5a02023d1b1f8b2c3ad3d138308b01

SHA512
2fe0e81e3e36ae7f4bc392e04b366373a7da1ca551001af990cbc892e474f047877a9cc33e9ce616d7bcf84c142463623be320fd50b1d9f09c65102e748396a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b89f7a579f407b2d941f7c7e0b41d177

SHA1
6b4713e5d3510f2dbec4bab7628eb4a982ab5df2

SHA256
12834b0985f9cb4a2c67dd47665a961462d09debf1140266b4ad31cac9630f70

SHA512
b95197d6af119cf151ed6aaa3e33c590e9d3274514c59180cedaba0e731eeb8346e272d9d59943af7655336aa82b362f7b48bd419569aa838eb75f481b5fb184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
b6d6096d01d27dcd6efb8f8ab70f718b

SHA1
2b4c23f01e126d2d3f2ce2099cb64cba106b0708

SHA256
02f98320c2464fa6ca651dea06b39e536e15c7725712592ebfecf73799a13a26

SHA512
eb75e394f9615fb99a9ed6e322d215765e8490645623564019b00756d93c7c6345d14d8fff395d81b4c03d4de9934932e3cfe2ca053cd22d536af9e1d2ba1cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
329551f1e8af74793abada213658e068

SHA1
d4cdb8391f3be80c92d7aa5a67959da7a8a8092f

SHA256
cd8b1d2511bfa0e1de0d4dada56ae5e785d58127af5b6590eeac18c30477487b

SHA512
fff1ade9687aea8bf1c3cbdd54ec8ed893ae78e3f29389a812c8662eb6b3292637efccd997164540b98d23075ae9afdf30d5676c84f9881c223617c7cb5c4af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
36604b24bdff7e41de7709086b127376

SHA1
8c4ef4097b7cf9f8fbac8e76efee7ca34ff4f923

SHA256
448aa1da8aa772e02e6ecff3f34107d2754f9aab9d7d307e0cc4922a6a6139b4

SHA512
e83e046df95390ba2d05f89db07746c0d3ef73ed989c8ee0025eaeb1cd05135e4c1544b7a90b632800d0716988ff950d6159e546b9d3d536a6864c04eb175fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
0482785d45c8808da4d06e2097b39400

SHA1
18a85ed58e449cc953e2215740a4c3a6e091f2d4

SHA256
d36858496562413a9c100fcc28f048f87da57a43767c3ed94c3c64bd09d77c51

SHA512
7294a3a49f2bcacb601b4d6fe421168471bae068896027bada1e56e6e99e048edfade43e769759fba73a4481270a687e2374169d05454f209c6725f8990db3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
b86c71cb8d1cd0bef921dc72b7f4484f

SHA1
522719b50d44cbcc8b588df8a77b61786b36c1fb

SHA256
8b51473f090b1eb4544d07fff03abb66233790463dce19ac468223dfd8989a1d

SHA512
dd7e08916a69a2e5028a2c62f2cd30bed8b1f8434086bf51c8b647134226ee99a27994e34430a518ddecf3f515c951dd31eeaece9ba669194484f76e3b6180d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c3c63d91d4bc36fc133da0134b94dffc

SHA1
9290d664f14b4cd882912932bde6b23b7482a782

SHA256
ee0efe10cf772bf10c0d7dc385d633b974d0c134662c2eb00ef2dfde6f93a481

SHA512
05a4b79eec06557b58d7235423eba0c6336470dae8760f790621040d6122908eed3017c89c641fe4f5bf57e543d0e4f177d2fb6c38683fcadbf85e02bbeddbe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6783701262fd83f19b29611734e2ced4

SHA1
6079fbdec6c0aeb4df339762de4106f1a959e822

SHA256
fe77ef2fd11bf828022fb15e62cbe9ca313eb640f09bd168a6e0fd9e53f5b761

SHA512
47dd5ecc6ea4c88a12e4c2307d19146d5f026ff245ad3b9604f91ec8f6789f9ed656f0d80aabf249536e48431942c25e9fe6a3f595fdf8cf195e3219f35390fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c070eaf9f336ae6896e153a22d15168c

SHA1
d02f711903311caf2fb00b4933e1269cd1c9f552

SHA256
d3d10171879beddae0477b5f9a1a4b10eaba5ced01fdb19211855d11a8cc6f55

SHA512
f14b2a353a834a3f2f2e10ec281a09545fa81c3618c7c8ecd91f021e3455e6a8bae516255f4338dc98bff9f836fdfc8d51c9d1f347ff07c89c502c3ccfcc4fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
e89937bd5a6c3dc4e98cc0daa30d24b0

SHA1
fe6d5d385fc9866af7325b351a6db7036dd57bea

SHA256
e0b6ad5ef33947e1f93c2ed629adb9fb2702dba66ae814a0f51f3e6aa87a016a

SHA512
99bab8f131a6ec0412dcafd867e69e0780406333a3cdf64a42d307c64b072771f84f3440524721a9e8fb68bbda1d222811b2385b49d17ef082d78949544fee58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
0ad9b1eb72b198e33f8b139ddffad1bf

SHA1
26e7a7ded873f0f84745abf24738991b17ca9b0c

SHA256
00913ff5f1a86d643bd0c2910eabdc14216dc336dc8344cbdcc6cf0a70173da8

SHA512
311f623aca27ef1e5ed08942f602fa19e1211add3e405959be106fda702cab2c5956a423cce3747dd37de3c51a892924b54e468b553cf4b17aca66b7135a90fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
b2aef0548584ba198e74637a35a6127b

SHA1
5bcf27286dcba4368254662cf5601ac4a8b73095

SHA256
a7c53dbdf76ecccd5ed29b682ebf7c37ab193db4254b74ef8c55d18956d3eda6

SHA512
af153a474d11a26aa32d6c2087c67031b6f27a1a8e073c74727ddd1f6ba6685594e3eba563879c286bea285291f085c9b1ed88133b81e473adf707ba32226700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
a6852d1b54525e4a21e37d3dd873e6d2

SHA1
81811de5fab0714c3475a3e859def8772412dcc8

SHA256
848a1b60d40f3379523da29b9cf2315780153ff37030eb8474cadd09025e667a

SHA512
c6ca050796d9c390e28bb2b703d3d4d49907727efe7e3be8ae397c5956eeb8576da16deb2e16e0896d60110298f0c094c6bb98d4394f944f68988f0da3241e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
720bdfa7e0a534304f53a531d8888368

SHA1
55e42c005bd27eaa28bc84bf67066fe0c60a23cf

SHA256
2510a851c4a7c62b41891cc0a4ce920ae1090c65cbc57cc9037a0ceee40de133

SHA512
0670aa5d4dd535c2bd6e53e821de1b7d7b2aa3611696fef3400a8fdcc99b600f39b9abdab764285d4474606e862fb4a8eb57bb29e88e2176621ad78b08c51ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
b9aec669f2845bc3e441ecd3b1ecb38a

SHA1
277abbb54d441f08cfe0fea029d37d6717851272

SHA256
c5d3e49952ab05fc390f79ce951c72b6acc0d7871040374b88a48d4d35f6b0ac

SHA512
b4035482b87faabc6fb29d199bdd58c609093a48a5f654fdf06ca224c7142d6db720f9bde5f909d29e26df256707885ff60780c17458fb5099eaee87cf280aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f618749c51944e0648d4cfed05b66615

SHA1
e9bd9b035500af2112b24177d2c037d8cf1b13d2

SHA256
d9868bdea2f67d12d274784c33e231e51f11085fed9c4c9dfb58f962a39e5e21

SHA512
0ecff68574a8f0c10c55f46225d59e3728360af157b49850159f263a64bdacaadce63c878b882641c5b189ede134af9e0cf8395dfe066dd7b4a21d37443abdf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
7627613647da0e29866e186e0801b3d1

SHA1
1ca5f4e4476acb41feca649d9d75c00ed5e6103e

SHA256
ad01d03e3d2b8495532a59b8a960a7d176db14a405001bba0b912597bb80aa1a

SHA512
8f6af69c86f0a4462297123e5b4fe35091efe71483d877c807ffd9292a7bd64e3a9771f4a8ebece2bfb25bb5d402783f5bc1c82e1aaf22b4c6d81d9425d61ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
7798cce5ba8c6804ad392ee8a824a9ad

SHA1
4d93071fa73a52e6223dedb809155fdbd0006c84

SHA256
c97fd6e2bfb670abbc4f92d1e3a3d3a64fcdad4e45374c9f8c9b947b125c9fc6

SHA512
0ff95d725d76c084cd74d39ef632ba857af1d5181b038039606f71f1e3ceac577b73dff72299b35922082a83848136ec84a95fa60333aead12a80b680c3fb957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f11a52f871f4b3414415067e96e7bf14

SHA1
18719633732fccd7ecb9293b19651cb244190a7e

SHA256
f608caf23615b355f5d84e925568e1f69f73607869e5f6c2255352bddd4a8dcc

SHA512
f7ee4395675c291467842a0161de570e7c7fddf5e8db10307cfd892ae44a261294c1703c10a1ae151b5e6681b1fb858aaeae05778abe5b3f3163a9bff401bae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
40294e788ca491c36f628a2c36651bb0

SHA1
30931cc23c3ae93cf2289e64f188e38b7a1dcd7f

SHA256
c716b3488902ac8a1168f6c0ff70da9bd4e34040b058b166076a5303ed08a343

SHA512
232320ba855b46b58feebfce18be4578ed7ce2ce14f7a913c6a11e13385915ab570012d99d506dcfe885c5f85cb4825e3d4998d481e8564927dbef024d9fcb22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
036e8f345444fe9a3351f34f133ba440

SHA1
55077ca8042cce9b9188ff0e03222d9b69506b13

SHA256
67c0660b8305837f53656cca217193c0571c03dd98d0790998400e81d6b41639

SHA512
b69120b797745813e5559221b27535f81ec2a654705695043a6c3ccf9ad8eca51ff7adf6b3274756a5c1b5ebb5ae94139c74d3aa5cd18ec5a9a4616f1ffbc0f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a3b576df473a1d0effd117d97f25761e

SHA1
43fcd81e3a57b142541b82fb9b7fd65bdb2de686

SHA256
c0cb21cbb709e53266bedf3706d8844c26399e9ea6b961e3222b47c9dd0a88ba

SHA512
8950ae16d9849f41e0f15ff1a3f67cb709d74bd81b89e894b9c618da5139e1184d5b1dee9b54e79e5c452c122ef989e75f93c5c13757b3e874148764190bf2b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
081e08ac68ba779109722d86a3a292a4

SHA1
f95bb1ad2e449a320d72fdd4f5054099c45b2f4d

SHA256
3e6fe61fbdbd6d15f00634e3df6c6b159e8db4990edbf24a6382aad40091e0b3

SHA512
2565f5a49118f82b09885d7504adddfc99c388257224c99dd537300ca08b918973a1ff48e321e24e01c3bd42816fb2b683727467c9c4d010179429e586220f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ccbfdfb2482fc428f0956b550e19c91c

SHA1
aed12e3eb9a8be9b55edbecb58c31963dae97176

SHA256
5bd4774281f049ba303a47a05712f54204c5281fcc7506367a50607fae47041c

SHA512
c0dcf8702f884df6c7704cb1aae3dcaef8f4903c6c01b807e856eb9e13e8a05d42ce335178a1ee789b2caedd3d176b3e5be306882d7ac07cfd2c5d5324d07e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
888779ed1971e9d79cbc7d306e037a31

SHA1
37f745ec1b3a2da74c5150e3151fcd2677958345

SHA256
41e41a1a17f35affd8315bdb0a3dc5df997876c837939d6c7cda84affec17d1b

SHA512
63e36f891478f4bd7eea32a51e62312549dafdc31e6d2706e55e8bffb81d3e7b0c4ee1880c032606a7cf4cdfbb6c4135b218afdfa857f5ac774a4c71b98cf2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
726d1d3c78d28ba8afe980585a84cc50

SHA1
792cd6db56a5083894dfae4f2742c2b148c6d73d

SHA256
569ce672887a9a185f0b00297701330af28d8b44edfa16e68705a28224ff69c3

SHA512
64d0318a2097d165c6381d41bc9c265fbe158ab6b923ba3e45b711520a88302f707973ce38ff6cd6d4874f6a73336e5a841f17a88f2fa1c26d4d9145458368eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ed16da31decb3caa78a0860ce9ec1f51

SHA1
f7e78d1178b0f7e2da481683c3db69e6ae7f7754

SHA256
07ba1ed5c4e5dbf81defabdfdea62dda5608190881e9df35f832e126596f7910

SHA512
9eea5e6acac0704ee21ceab561b5090a1eceff2c7117db7aa572d011077598c4b0361c69109bf4d12aac3aaec24dd487b628d085a0149c438a64826017894915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
7a92bb716f0c1b809bcbef7ad305b78b

SHA1
b16511161800206fd8299ebb036d514a6bb1cd87

SHA256
54b8b401ef14780806b6e9d3638d01d6d649f2f8df21c0a5f3177b5e0052cec6

SHA512
e15076b9116035c101e3450ce02dd53e54ad4dab3a4a6b50be77f44817f1a99c908fb370d5c6b2a9dd0511ddc96fd578187cee0a583075f690dfc3c21e021fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
52da49b6ac2e39102b7925433780f853

SHA1
4091a8784fb3741fc8ffd65078e50cea42add68b

SHA256
81a3b34d07093917186122c0199eacf370ddc2530f1a62cb6d6a8d6d60b66ff0

SHA512
ec018741b3519ff43293d09036633fb0e081818796044bc170f7817a99a4f594a068bcae5b0e55123a4c72c6aa1945578944bda243979ce56f078eaff04c8ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4df21fc8f39e16a80be04ccd0ea6114

SHA1
eca61b8efdd49f350aaadf3f23b38e43ad098e54

SHA256
ea0480749369b3150aa8e77880cecd80135604ac509072b7c220a55d3a676a8a

SHA512
d27e045fa45b7c6e1047be2272484bb63c5ed4bd84c85528e05f5dbf6d2f02cf90884fd544a0a9e72b04d696606d8113effc0c72e3b8d3481828260f18d6fd96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3a1e3378b3e4e340824bad70d1b7f6de

SHA1
406776c0902908dd0849a723b684d61917c1aa53

SHA256
370f5b768424bf329ace854d2693d3c3f35d1da0a26f8180a6efc0ad371eed19

SHA512
5ec89cd2c0a4687f3824a4cf31d8ef01c0b4969f49e6e8c31314a4fc7f796d183e345dd50202c0fa5e409c3b66dd0e9ee4c929f1c879711d8a7daf1124db1ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
f8ad8645f2b3fa4586d88ddd28103d1a

SHA1
1043d5444b2615988ff08d964ddbfc0d0f0456f1

SHA256
f63b6f2c0fd8638420f3e7af86163c33b2e845a737cb444d8e7d30bd4579717a

SHA512
208d569a5a80237e381d1eaf39972317035aabefd11d929b92c37f34e032793819875baee9a622f977878efede427f09902837a1ed8285eaeec985769daf3b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
84fe57aec9d190b995974133fc989b3b

SHA1
87f1a0fc23bb3e04fd5055f1e7e3cefdd60296ef

SHA256
a49214c766d78b2a36b162b2f09260ae8454d74b11ad87d5867d0988d16d9eff

SHA512
32c9d25b674bc3f3eb751efd5feb0a4994dfb714ef42d16f3f60e5e96dc9e0525fe738ed0fd1da4757ac3d0452107862a2337bab13a33bd844df542d706078c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ad0cc0a0314017d6834d970e4cde226d

SHA1
7a82659b1a5a6bc7228da6fbf5e9f1d0d5f1de61

SHA256
4ff3352d21796839a0096e5ef81b43c3b310961b52462a72c000257ef1367770

SHA512
1af2b417036d91c6bd52e47dd9ca62ab6a9aff99f0c3153270c26a5c03c21e9ba8ff160e146f86ea3875cf44a16a7341b7929313ff3f680637d8b746d476e87e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
b99aab85cd9b13d5348e750b9a88015d

SHA1
afd873f07bd52b8372337d0ff84ba934cfd7c272

SHA256
ee950e3843f661bfe8642bfc7cc3510b1f7a090e3b5c3eafe18fce3d48d4908e

SHA512
bb12d80564e7c92c06a610279f9c297ac76b86640ee4f249ec856907b70448e8b72533136bc1ccc6e9bea226fc4120b0a16f40ca638e51c8b84eae1bb4481e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
bfbaf644ee5f0494fb8027289496a0bf

SHA1
136a7f4fb44a3976373b371396f13e291e627bfc

SHA256
a0ec020877c7cdb0320688755bf29007ea0718ada14dd021ec295852e8ca0d2e

SHA512
bc19d5c4078a03d3e142422a81d006e83ca8c46e06dec05fedc2223acb37ea18d3803f299b10b0ed0b92956e387aa13a9b1af0abd153563780dc36eb3f31738a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
0bf98c8a233d42cdcdcb817c0fd585eb

SHA1
c71e3ee49553b55d03819bc5f64736fc73a419b1

SHA256
fc8e06d10171914118b1e0fd716e0a7641e5461ab6f538ebc939039c1d2d54d0

SHA512
f65190edd3ddd8fd619dfc132977e217ea213ec4f16fc2a2245ed280149a4cb44f99959263c8f0c286e392c1625a4faf9209af9c7601704121993e2581e1ff89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
9cb7531c457353fcc0eb3c66caca36ca

SHA1
339ff405f5a49a0ce18b8fdf1e0e2098242eca97

SHA256
d8f3a1a7e0f7bcd38cbf3d6a1f6430750a69741a2a211ae103416b5d788b61fd

SHA512
de11fd8fcdc12dddf469270dd79bedaffe351c38963a19007f5a44a9e4a78058f468c7e89b9cdbd1edc82a8f8f5b62358afac5d5dd961d20c04613392bb4c92a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5ae0e94cbf8059e212f42b773ec4ca63

SHA1
5810cb6914cef3671a41b496fd963d528c342ffd

SHA256
5cf0fc453a98fc49c1a79addb1beab02d58e43b96b823fda29cf5fcdb9a504d2

SHA512
8587f9c6b7a58c8dd6c2ed319084a9d0f3f612d37c40e8ea3846c53feb923d1e103f771dbb13e8cf8f75b9a524041c21080b8310c45c50bc019b380b5ec0f5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
00d1f57983c36d3c602b5e515d978144

SHA1
d6765b5eda49b390f2e8def1beeb14d72374ffca

SHA256
2daf66d21c8e194c5663ee4011d39fdb3765bd650b07dbeeaa2cc8fa3e708cc5

SHA512
29cf02c0923e87d03f57f0d8c2ccb8c7a2a8512dd0326aaddb3dc5719f718d179816a04d05958c6a6ab47a35f8a8c69e0de38a2892588dfbfddbb2a383761b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
207141d2ade9a92284a047626269902d

SHA1
a1770eda38e5cb05714c25469a1bf242fb2ef76f

SHA256
bb3e60d2a33339936bd9189e361e068ec4c084d91126d1a426cf193c7e50fd51

SHA512
9844fad1fdd8d1d250d7bc2bdadf39aea030e010680b2f50bdcedf8032ff373593b284ce6edb3f3c751278d0ef34bed7478684fc4b1ccfa92b2404030b99cf33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f6b4b6c84642d95017c3588d3cb8afb5

SHA1
563afa5647c2d761a5ea3f5995bff72caf8dd19f

SHA256
2b951ca10a2bd66f2c0ed9c933b6795ab6f24cf46556cb68e0a7fec6c1ba01ac

SHA512
236c7b4d161d4c951f6472d3338467415faa88d606c5257bf555d6e18f9656bbc4d883c221e34729b14018e9814a3b90b00b75c3534da4f21b805e7de2c372c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
a616fbc3c8fdb3fadd890747e2951afe

SHA1
d85068c47cdb7755b86d43bd57dffa448e47cf6e

SHA256
52025371753bf489d3636f7ed21acfc03dcc8f9a8b4b8a49c65de17d65cfc738

SHA512
471fef9b9fa79be94ef8eeb52b9d93948d456fd4f5a5459edcbc6f68580b83a5cd7f048728e9957208ec959ad5da37123b6a40d0e9e682f5406dd7ab894b9007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f181a09a3b1e27537254e9e4f07f3600

SHA1
18ca78bb17e14097152a72d9be9865cd6bbeaa3c

SHA256
ea443386a64e07b54073333e66deb39f206186ae1d7601885db91db87916f1dc

SHA512
51e9bce5a285845bb9ca001fb1dbf0dd3323b573ea575c7015379db6a4fd1448ddd4db3bb6376b7821290612b03d292bf28ee7335ff358169699fd9b5a555de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
4618152511c392988322148e9f45b795

SHA1
f7496676ab0878001a56d849cf546bd5dd92a5fe

SHA256
35d2ab2cf77825bf5929d5d2bc9e52464b5f5632bf9d04ab189ca3386094f579

SHA512
02d7fb7df550a46fc0285422862953c8204f86fabebff93aecb66804ba8c1fe2baada91d41c2331993532ccdfa844bae0680c40e0acdbd27fe1985256c876f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3d0971dce42f048c1e948487dcd63506

SHA1
07f75078be21b067e9e9e1cbb54e986b87dbff90

SHA256
6c3ab645155f6d8270017ef96aed12bc846d5cc66b97f6508bfb5911026b5416

SHA512
49ef0fa0544175211f3e29d9a527f5335c8a80e3634483289d8f386bae47079fd1ebecb55cdd7b26bee850cbc7b4c41b7fb6a0e674f6a35bee0bef7da9cd572e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
de78ff681f20fdf59297d3036e505a17

SHA1
02123a9e338ee224d9868d547b26a2a0744057c1

SHA256
724e9b90e0c6741cd12f7de48721aefc1361eba59d5f37a37b8dfb557bf33fc6

SHA512
5c6470f7037016502a5af76cce04bba6b9b8c5c7ded7ea294ddbb2142f770fbb46325ef263ec0550cd2a017f3d8a30ff4e4e333b856e3830e622f67d997b6060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
0c30a6384883b014fc6746ff8dfb2242

SHA1
a5ec162df647b0a0b3c4823cd6d63def4fa43f3f

SHA256
5aa31da6e88279c91a73626556f6029e0a8191dcda1ed375be3dc874628d32e3

SHA512
7d1a2fb94b9389ab11c50f6a2d3c350587d5820d13d9910705b575901a5b9b96048f980a6ed632e49bc17b038bb2e27bf789e939fef776ebd312686eaab99068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
0a004a472691c12d6a265812203fa026

SHA1
b64f7709bafd9af22ae0f7bf70525b26d3690723

SHA256
355ebb145876377a44f7faf9815c35149ca0e90228833752c53c7b68bf8f0a49

SHA512
20b8943e3fbd621f6ee3e91cc13079b13ec1afb5b2c3a325c4982d024130e367bc3109d777c24f01d110d323a9971a02bf86a6743c80eac43cbf8b8103045802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
817b05ba086e984a63713c547e01ce8c

SHA1
3514d51ee084dba61f55774857f77061c68ff2e1

SHA256
8d97a8f2ec4a74351bdeb142978f0c31c644195760b6dac1fe1e339781a98391

SHA512
bdbf5fffadf36d025e8e4b2ca454c0f040e9392076f6a25fec2732a62691782bff7ab977641cd76e0dcdc7d47ebd1c7d06bfa2bdb30f7d64e36591bbc4f5844e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
541c8d63af9ce1911d317f7f6f74599f

SHA1
17ef6f70e69d912cf70a2ef44a6e53b12953a85a

SHA256
afffec7e711270fb35b8f14e2152b410e0ae9897117d6e7e57dc58bfcb814e83

SHA512
5b16fe8af4ea5d926f76e26c88fa20c491dba4a54e2e88c3d44fdf47c43f0fe899a87d0a8579cbdf072445f484f62aec2ab3ee63c9ee983c26f435bae6d5e567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
23538371ee7007889d1b791d9ab5dbb8

SHA1
ed16e23ad0733faced25e04dfeeeb2bc45a25857

SHA256
500bb7787831b0b5344c9e17b626355ba8aa8146f8135db0bd22c328e9e34a4b

SHA512
12d5acf166b51b42ca7f45a5df53ed3dbe4c76e1379f6c5aba0ad0e0cc3bf242e5a240e0899a9a3c21afa3ffbcb95ed8ac729ea4d7242a1ab936f56049dbaa65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
83cc7924faa8267842c5b5c6c8028583

SHA1
26759caabaca1749e5ce1c819c95405d4acb8053

SHA256
8a1bc61f270d5d47ca2061c71fd28f1665f22c3382d0d202dd40ff9b809f51a8

SHA512
9cbbaa54b58d20a869a6947203be85ac3b8e23df2aa740e986d7e5b0ae928fee844d1a4c5d5129241c44a545d5a0aecdc3a35bbcf0520e19ec2c082f198e5bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
df9049e783648672fdb7e4989d221b66

SHA1
7feb35fbd9c7cfdcece8195d12041b028d26e209

SHA256
a9b53059e1fe0b5104825d9a03493f28ea24bbad2d47634d197dcab2e845a7bd

SHA512
9405cb24e1b01cbd239b800ed8a57151434ff20d2658a17d9cfb27872e37f0f5c28e3c4355e67394099f21c7338da21e2f23874b2afa5ae9fbbaf355e5a61a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
f8a8862cabc0f93d285af412595e13d5

SHA1
e17826dfc5e8001777d016843b91b0b6951b91a4

SHA256
9580b60e402840dbcbc54856311820b3eb90f26c59b2d42ad2513b1c9b610677

SHA512
5982a54869855dab4704a4de8817ac3b51eb2998ee658083fb1e9634634326095d121cf7bdc211890c1bf19a0f9acaaa8520c5e079625a51b66476ae403cccf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe597d44.TMP

Filesize
140B

MD5
cc00a795ed9d4683352ad58c2b905a73

SHA1
2ff91fbda5e73df39a9e28387bc4490bb52d578b

SHA256
2d7a336eb155ed0a3570d27b9f11391a1cd485c7858821180dcf173ff41095cc

SHA512
2cfc6711a4f86be930a89e20497850e61f27e1d3fdf0b47ba81a41a331a2cc4b64bfea372c49d7eca14d09e593b32bc1c2e010dea763b27420162583f0399b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
d678959f012ce364cff5baa70af8bb69

SHA1
0f3b9e2b854721a7944ddb1ffbf6a384dc04daaf

SHA256
28f14b14ce5e726c201b34b6320cf2620c7c5aa8d8e251224de8adc76ade1b91

SHA512
9878c040c9b5435065ad696cd9a91fbe12bb4254f00d58b2d74689be15c3fcb8933d5050159a1eb73b56dc259582a0bc0da9e727e2e097cbc5258b1fe0052ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
79662bd56ddc9ad3747fa46b00d57451

SHA1
e0af48b77a71fb9012e677cb736c0eb2eb00eb26

SHA256
6200903e9e034393b71697c6f4acf1fe39fd0eb8e247b6b356c64720dc6914ca

SHA512
d06e2184cf354ec13127c6bda8f5d0874991f997a6d1b9058568686bdfb3964509721187c7797f23b985e6d105b5f509f8b923e5cf16072f30400b1d39d9d5e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
d2fc4f348a44888c366d9a6ba64e91ba

SHA1
08cf7b36e12a2692b361984c519f5887f326115d

SHA256
4fa09e9804a5df01813a99c2b6377474444d55214a76a2fea12a388c1da865e7

SHA512
2ac3c4c9d93a644b663a540ee5e22a6e70cf58e094ac8382e7723e33965c4dc7c448f366a92c163b458152d64eda6f5523548b5649901e155d5dbd805051038b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
aa8167ea2c21d7758e8e9d1b406f082a

SHA1
44aa2d99cc3dfe0ff24cd7448be2ead7612cd135

SHA256
21432b1f76ffcb6265f06f9c3812b18e3ddf8e6892be31ca302b7b6f7c7fe84b

SHA512
69b53d2e9d421e78cbc02e8d44e727c23777e8838627acd58ebda225dd52a6ed2ed9da1f530acab0e499a49620629cb4eab88c1fffa8836bcae82a7b9653e6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
2ab26950e5c441391b3dd60ce8a543cb

SHA1
e80748a876258112a84a45e6e70b490d5672d8ba

SHA256
e0c9f0b535bdbd91bd03653f472260b48ba674d02fd43c42ddcd142f5d2fe41e

SHA512
1de4259552473b9ecf79c7442f031218721b5c1a2e772220935aa792d5071a63019f11936c519d5ead8e384af1f48996281b77d317f0ba27a108887dc02b9611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
7c397a7272b70fa08d647f9e5dfc7571

SHA1
763977d1529035ab0910ae8ad19bbd0de060928a

SHA256
32d929d6b307d3da88d9c950f2321c5c83c728602c24a538ed0ba7cb323c6abf

SHA512
c713ede5cb3dfa87130d87ef346a34b520c24e8fb656c81bcdf7274d0aa3674bd13bcb5e9fa48c9ad890b4295b6c99368f263da80bd2c45762982c277afd81b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
a65338b703fd78fed28c78aa7fc1ce75

SHA1
c5b0c7e33f8468981ac65f6ee7fa62ad05880e59

SHA256
facf853c729b97eec311c78d5c0fe13eab15c2985771e210e707040fe981a5d8

SHA512
f734322dca0c3f50fc7ff05936c62a7512aa62bf630903c64105f3858a3a3cd88f3889deab5cfa153e208ba4a85db1f3d19e19c1cd0b43d3770949c883cf438e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
daf3658157bd85c61ad0061c647f3962

SHA1
43b3b847c6453a5f794956e671ddc14b326c6330

SHA256
515393fc924ae91d7dcd2e8769078a301a926d3b4f96c16bfa69f2c5a89b9e43

SHA512
6ccf76077352af0a4d3ff7e0a5c2af42a4cd6de8f2e2f5e2370fd92708b2e5374976479b63fbc0b72d0bbae7b724347f6e38fbbc0f32b8fee1a6b9fa9f466bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
22c79ee4399f724a904b8fc76f563eb3

SHA1
0c21d08a4c9120b044acd9574bac90226b27b7ea

SHA256
921b0cede6a761c9eb2b53e7b9a3052602f15bb066bccf3d06f46ce3d997005f

SHA512
970f608bc07047b869651787b95ead3808f5178192ebaba1bada39519403a57e864af4fc7ea2ad1347335f05e83c2c934aed4c4b039904c1d5c883602df12191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
852b3c86a6d00a8d3060b0e512794602

SHA1
587d453d6f65cc18b93d7a337aa8469194cba20a

SHA256
4c284c3b63994d4c70b60f8aee3eb6a30299524a3069fd7a33b163bdef47d8b7

SHA512
5714749c9a80abcda6b4afdc2edd387d486d0011799e19f597a8a40be98cb2af405eecd0d38a39954f772b68508642c3ea51cd97e50222d3d78b68652783d683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ad92cd4f23cb4c9aca348dea2ec6363

SHA1
7ffe3bc242a16d616668c46531ba45b9b8409cdd

SHA256
b4f9094535a0d97ad33d2a82dc9495a90f80f49a8ffc21f579e1713736b73529

SHA512
6d2b711739bfab13daeebac060d6c9b202d572ce2c8901092e6967ced1cac97111d040472db81b30d86fe8279a4433240b6393a832e5bf67a73619fd41187312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0bc6678263c9329534773cf8d62a992

SHA1
1f896ab7bd8c99e8a99cd71c337a6f1a01a6651e

SHA256
5fcab968ec7b194fd771ef4b9150abb5c4aae86804b5952803294793feaccc2b

SHA512
f30ce2501af7ab535af3e7bb17e3dab1dcc2cb66a8d93a70587f913d46140890a654570be966875dd06ff776fdd9ab68088e9d6bd3fa9b944f837345654b0b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a3fcfcc9c79c64f63b2987866964c5bb

SHA1
f7eb877044aa252feabe02a35e632afc686b1658

SHA256
3a56d38253515b8772dbf7bca65972cf75ce6d6f1491dfe959ba187198bcdd36

SHA512
3022948328e8869af3e99445b7f344aefcb4faddf09523f60c9d0965c9e99108dc06f03ac338ff242b684fa5b12a9320f56850ce7a696323db62954567d68a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
7205c73f46ca48bc51b678eb18cd3f37

SHA1
06bedf5433aab7e7de834077737495818399a08e

SHA256
bc89952cfc023ba8c3755a9b61d51020248d8e6b910215b35d11a3ff19262a11

SHA512
9a164201da6cce4345f0b2aae1a9cc558067f4493bf4f3cbcefc801a5504bec51ba85e0b371e199178a7d1aa34a3d6d923f1f0841efaea1f7fa9ba6d3e959eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
70bdd3828e0ebc8640590cbfb95535fc

SHA1
deada85e76a7649b9d71e59de9552aa1ab6eb54d

SHA256
31d78f40008f507c72a7e63b80a2dc5ceccec5cd8ec3c5a460da13eac2718a84

SHA512
d211e4b45f323268bcc1ab8cebf1d5e06c032ab711e0106e45ad288dbefbd3399b926a398b4361debe89e0a2985e3ef443e77284a595ea93de440c191be58292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1aad53aa346d20c727d4d790a35b7fac

SHA1
1ee3fa28c40e268e8b97d2311305dc5cfee48ce0

SHA256
33315d2a0fd23a2d43efd6b65556c8a8850021a1ab3f3e15d7cbda48a18de16a

SHA512
af9c2b5f835cc696feebc77fbefcae6c620c998941482bb1a78ba8b383a26536a6c4750016ff9377a2b5acc9e083c954a9815025a558401bafab066bd13a5221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d01b2d35051645abe5f17e33f3dbaf2

SHA1
a64adf5e6199ac528b521a24f6a84d8ddf0e50ee

SHA256
06025d00d27d6ca33481f37b91f3f08b635d242077f0317515067f38f8ab8b27

SHA512
fd5db3b32d2f1c3565d904ccd8fd8249218ae41d30fb56e79462663fd4f5e8a63ca5d358fadd6e824378c07c186219b6da0561d2409011fa7799084b12f3b753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fea9eca3dcfe032aaaa9cc33296d7be5

SHA1
3f35805ec0d97bff4da5e178ce1de505b334c2b8

SHA256
ce58266c761f763679b1a2ffff7a903e38db7ff7f7a00b504c53a3f78d6300b7

SHA512
f5a0e4222d6631c11e6c25fbb2350a4388ce7aa973d75085c5bbd28a7f478b410f0f6f998047fcdf81bdbcda9169e1ae44b4657c0feefb261298dd6e226830c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
796cb569b61dac2b0a61b390205cbdba

SHA1
f1367fa8afdefff928e1545e63f49afd0a554a1c

SHA256
e2e33f6a494774ffca89c5c06e2d4dfd416374760dad8346a97fe24ae85f1e40

SHA512
f30dd3e6489689d652c4100b12a249718d2025cb39faf21d0674d0a692a4ffabcff6d373aa2d7b20e5b07c68ee5c0a317e5f3684d89b36ec00b0dbbec8c61cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e770f37bcbf441af51dd6d74f6f4eb08

SHA1
44996ab30f91b2091d46f048741be484ec07a71d

SHA256
fadc9a7f82e72fa2a4e76f6f81d57e81b620c7efe481336217eab188d8a7f5cb

SHA512
a7e00a77dfe83f192ffffe2372edbfd4570d8114fdeeb052189e7d7916296b314c2718fb01e671e1ca741f6f3aa7d27ab131fccd3983b012a4f54e37e4b70e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35fd9d331267f02bfbf4c7a423a58b8d

SHA1
4dfa31ef8281c6cb90c190721c2c92e040f893c4

SHA256
04e306a66a5c253a766676c377b0e5287c81927d7e16da4daa3752877239e3a6

SHA512
167591fd89f75664524cccfe8c8c0e1d319a3434c77997e49b0e58b1bb0e3a1a7c2bf1e198ad2422639bb7d7b2a25ab45253163d7e89401a7973e5bb46738303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
de133b7e4f0c873dd3f376a109d70112

SHA1
f9ae82708757b4b714521e71bc19ed92d9746bed

SHA256
90ebc7012aef4bc071bb8edc9768eba6659db0ca7bac838e8934343b02470455

SHA512
69786d211e23ce7b376822872204c1ca00b64cfcaa0785e99520f52d335be78202afb01a2251918701fb0014b119267563a7151661ea2f507f6506b4acdfcc8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ff054.TMP

Filesize
48B

MD5
fce356efbf0364ba555fa92fa28fbfc8

SHA1
292d5efbe8ce20499f793e1e4b6b88c56cb57cfd

SHA256
da420eeb4ec73d16d6c90647cff1cf6ade5adbfa7f04ba7c74958dfe6b5fdfff

SHA512
8346e6de08eb1596c9b1b38ef080cd56e0dbc5f27f3a7ffb46d9836b2ddd25a4432d14c7b4b384c0fc633c3dba4c9aa90af42b75bb1af72b8754f05c57bb58a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
0d126d90dce50ba6de30da82a4dc602c

SHA1
77b94cd20b2b3beef200d4af90ade4066aa40ad0

SHA256
8032a707166c4856118976d7deb6f06afe50e7e8692aaf197d3c817e0721966b

SHA512
2321b20ec40f93737ec3386c43688849302954e1f7b4ba20b014e621b86e0a9a47dd37209f426acd4e8fa26cdc679a5c8ceca085cd4802210baf23f45466da4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eb41f671b3873aae2c860af0664fff7a

SHA1
9b2efe0cf37a625f8856613488461b2c0006da7e

SHA256
8d05469cd0cd27df8d133e52eff929fe0862de21e4d364f0a343ab3c363e030a

SHA512
db1d6233db84033ebda19f94a931a2f9419bdf097f4aba629e897fbc6fcb5be6bf1174c696acde2d16a781b6c187a0c5ffb5f47a978bc5fde11216f7fde1eba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1930edfd8739b29395a1049b97ffa4da

SHA1
34d911c2f482cd714fbfd2382371c282c2dd30c3

SHA256
56ad8cf65d18fc4d20483fd9ed3175d820934ba7ba9322607b748fb3b4f6ad46

SHA512
e0298a77b7b1fa04e3b394f9e08ba2312360e82c985602843dc205b7231436b1deb0e7c351dcfe13349788c5d897f8a279eb0a3d400f8dbfcd1e072bbaf0fe75

Download Submit
C:\Users\Admin\AppData\Local\Temp\55c1617b-d5a6-11ef-aea3-6e43ea74cdf0\Ninite.exe

Filesize
1.7MB

MD5
aecea03ab75ea848dc8bb0511a3dfd83

SHA1
7c115564fc6502e16f4b29d207c25ec163c2b3e8

SHA256
168c0280421ec2cea8adcf34a22056839f32df0ac3575b08f98001a10ad587c9

SHA512
cdb4055fe937c21ff96d166b413876869508da69f00f3d508b16ce400a625a95aa013d3b1c4a4b25d789b345b3d4b366fecfb42d04b24255e4d18f4b51583fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4972.41265.rartemp\adwarefreesetup.exe

Filesize
5.6MB

MD5
8606a82ca6a84ae899ac8ebe8d30c396

SHA1
f8dcde9c10fe1c3c140fead5ecb1a2475cf2aefa

SHA256
ae29c8ffab47cf30604f93a9e3978e854b733bbf28c215cedd779f3e117a4a81

SHA512
75e1c173cce4ede3b2f9b9ae23be39dbd566a079e3f840a90aa3f621ec3abc40ab319397a72be2f8a7cac3138a5df86648f66fb56cc7301cf27c9f44e62fc5dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8232.tmp\GetVersion.dll

Filesize
6KB

MD5
dc9562578490df8bc464071f125bfc19

SHA1
56301a36ae4e3f92883f89f86b5d04da1e52770d

SHA256
0351fe33a6eb13417437c1baaee248442fb1ecc2c65940c9996bcda574677c3f

SHA512
9242f8e8ece707874ef61680cbfcba7fc810ec3a03d2cb2e803da59cc9c82badd71be0e76275574bc0c44cdfcef9b6db4e917ca8eb5391c5ae4b37e226b0c321

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8232.tmp\LangDLL.dll

Filesize
5KB

MD5
de3558ce305e32f742ff25b697407fec

SHA1
d55c50c546001421647f2e91780c324dbb8d6ebb

SHA256
98160b4ebb4870f64b13a45f5384b693614ae5ca1b5243edf461ca0b5a6d479a

SHA512
7081654001cba9263e6fb8d5b8570ba29a3de89621f52524aa7941ba9e6dfd963e5ef7b073f193b9df70300af04d7f72f93d0241d8c70ccdbecfd9092e166cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8232.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8232.tmp\modern-wizard.bmp

Filesize
150KB

MD5
9b18117c878b0ad110b5fac2a3218cc3

SHA1
b7209d10b9e04c75f62a0d70d2ee5a6e2c4f57d1

SHA256
d169d6d24a647a94a7b3bfa994492df422fe35651b72a99985c6ab63cc2933f1

SHA512
56edd0e3ec67ec4531bf51f2e66499eaa7c1a0ad8800d75f36718b9363fef620309a0d1d8d71cb87dd6f159675ddcd1504b0959b4db4e192385d4f877411fc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8232.tmp\nsDialogs.dll

Filesize
9KB

MD5
ab101f38562c8545a641e95172c354b4

SHA1
ec47ac5449f6ee4b14f6dd7ddde841a3e723e567

SHA256
3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea

SHA512
72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4556_660948583\086308c4-2dd7-448f-9d6d-2dd29e5948de.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4556_660948583\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
127909330cd9274353db3677f2359ab3

SHA1
b3c1edeb04c817cbbf66a82eb293da891741161e

SHA256
22eaa0d6dc77c02e482747ab2aec456ab2b026b55f40a1891a9ec3d9febe8bdb

SHA512
6522a7a523452962a27d467c3cd452df3689cae7763c07de8a7fbdccb3c8bcf5cf18abad1f4bd90e1044a176b037877405fa1e78e2e30d9fe51e8a3fc8cc928c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
9KB

MD5
bdb3c27ea674f7c726e21b41d5f5648a

SHA1
31346cae377f45038e0dfd9784bd276b80b62bb1

SHA256
b759137bd293b9439c0bc5e709b850a99c1e95e55b3b1994795c0c3e4f1c1a35

SHA512
10764513f5f2bd352220dd732373b4b035f75993334e4ed534ad286ac9990c240ef925643cc0d24e57637256802ed3fe59a99a009900b29eaac8c57203939609

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
8KB

MD5
b52acfdf0ecc265437b44154d22e89e3

SHA1
5c97dd5f5d68befb24c59ab0db393522b5ec83b9

SHA256
a41d735db50393545d2455f7f79821fc30a81c6f5f5b3ccf1b449f832b35ed68

SHA512
e013216e8367bfbd319d3adf8d2ad8f4c70d2721577c99d6f58b40b6ada15b43e90e5d635f87e97b55eb7334d4a752ca5bcf33191f2ff62a66c3d80af4b1c440

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
9KB

MD5
b6a00010703e042854a079ed98bf5028

SHA1
ef1dd02a1ba486b28daf32013dd06bfa112d1951

SHA256
b6c65e1e371169732f6572fb4392bd23303add91e694ec722afa401523ce3635

SHA512
023f677ab3fc65e1280ab2a4cd47f53e0e133bcddaaad3c2d84bfe1943af448348209d517bcd11cd20c3b595fefce098ade9805e2371053ccd43180bc4c18237

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
5c8add0622ae7ef73f9c33bf68d27c5c

SHA1
28ec3aae4edbae6fe8c523baa12cb3ba00d28f46

SHA256
010076b339243ecef86ec8bcf1932751923689db1e677f34e32914f3a544f66f

SHA512
95e45d414cf5df4a5a5f13601af4816d524dff40868750ff1bfbfe88751757bf26368b6997c1a1a2adca80ccdc2efb622b513c835f6cddb26020f32e42c986e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
5010126925e89cff49d04aa6a90c8832

SHA1
cba1d088bef75c6f7a5380c2051b5910d9cdc719

SHA256
1c68139fa8e6ce281ec8b756fb580120bb59d1f5e999a3b7c368ea0979c3166c

SHA512
53c26954128260c4fadf9b699047900ec282af2b5b205daf800588c05d3eb4a394f6bdb5a1af407896754631d0224a2f2c636e802cedf5db9b48bb407143168d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
16KB

MD5
bf2187fea29786c5604cff1bc54f537e

SHA1
4a6e0eaa0363a4c35ecbe66e2ec2fc8957049baa

SHA256
1e167432946abec4498b093103b2ccb08008a76af867e2b9773be6d9ecbe1cb2

SHA512
e0095e91c3918a6aa07b33a91788c24528b8e51bfc63a05d25b16c1cd231a157f8c74c4e4079cdcdaa11f1249c96519965dad86b5fe80cf91798178349c047b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
5f52b411e2cd78965a64e1aa2ddad469

SHA1
36ac14f9424860f8aedbdc3046f081a0ac7a602c

SHA256
02f20f80303b2a49cf67a9d0988648f720774dd3c2c6d7e46c30fd2736b4b526

SHA512
f4d3e936c2c29b1ef72852d787b3b5ab0d0b2e0f5daef82821eb99e6d3d01e2a83b7b92e9a27853497f9a3bc2f455d50daa096399cc1f67ea8b5aef40ef45dfe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
19KB

MD5
0f328d67f7a42880329279dbc6235827

SHA1
60fc25bdd69a9b3305cbea98a4189e3dd6bdd8e6

SHA256
9e372586dd0c74ca2aca17e1b5a26f71cd2794bce2c4b4a14d3c062cc16824fe

SHA512
27327d26ee4a22340b6009b86cbbe6a17d7308c8cc0ec02904881546061e625e020e3173e84830ff10eb9ef851534da54c8261d68d81b7322bfb794256d628e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
20KB

MD5
dbec18190d558b47230a867ee851b0ce

SHA1
d043f88fad99932fef4f2d2ded555a6cac190682

SHA256
18fc102267f0ffe83d8ea142101e30ffac91655db477f45624eb74d668e61384

SHA512
3db483b69601acc3d304fde144c71b38ac931a94470075135ef5de2abde546930880e3f15f8a3c3c5a5f08bd03a43b0263fac561e86d2a0ad3deb61c2b964763

Download Submit
C:\Users\Admin\Downloads\AdwareFREE.zip.crdownload

Filesize
5.6MB

MD5
2e70a2d4d0abcadc64f6e28401b35537

SHA1
1e27e3cb6e726cc5ac166f19e867bc2148ccd5a8

SHA256
c5da1998dfe10cb9c583aca1eaa52ad1e7fc4a5ecf2f55cfb17323b4745ba70f

SHA512
cae7596c90eb607c88837d8c10e935461feadfab875be95eb003c7c18501367ea4452f34ea641b0371d53c183c583cf6c1dc4f194062b27221cf68f35e2dd238

Download Submit
C:\Users\Admin\Downloads\AdwareFREE.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe

Filesize
1.2MB

MD5
800116bdc6c7f221f72cf5f70eb755fd

SHA1
0345c897711b7c51a7a9634017ec0f8a535fbbe0

SHA256
3eee2d8dfede35e4ca450be208021e4dd6e425ca887c97b1baed029468db3fa0

SHA512
4cdef8f83a1bb881506bc0a31e91014c420a3136425f6b13374b701a981c82877cec69f466e90bc193ff454a199ceab5b7c46498bbc753866cf26b50eb9d93bf

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier

Filesize
58B

MD5
62b357aa482645b14953a52a12ca487e

SHA1
d8aa3e8da9d16b23f3d83867865ac344ebdbbf9b

SHA256
c18642d5ef09f900951c221a0ede462aa6aed43d101f8664be343b1532c33bed

SHA512
0e3a7cf8928b8273907c2469245616f15fee75b8502c4c841620aae32f6252bb42fe24c9cab27cde0081d9f2841bb2d93612022542f510031354ee5ce50ca20a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 115870.crdownload

Filesize
415KB

MD5
b780aaccece5850239b696cfac460afe

SHA1
522cebc74f9831c72b29aa20236f55d3549d6922

SHA256
b397cfa05e0589642d1e5e0988cdddb06cbe3728f999ca1bcead01fd59be5b0b

SHA512
4374cc5e3815839994edd645efe96c8ac6662b009f5c8f73224dcfae3e230365b5b7a533c7c61a224085dbd7f5832a5a055ded0aad69a6355fb08a4832522c64

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 236674.crdownload

Filesize
5.4MB

MD5
bddf2bd77a516c3a5cd07fa6d6a78222

SHA1
5e01689815b1923e900dee59d7bce7d71bf52a1a

SHA256
d3eacff5842bd5e482ed856ad9d770a01a30fd3e0c0041ef396fa45d3da9ebd1

SHA512
1c84a67bb632f1ea0f6fbf3f628a94b1c7da5b09772806139c9b80d952422375372824e56e52e9db8f008f1e32c65f32b05c5a8b801678297b5504c0eef1d70b

Download Submit
C:\Windows\Installer\e5f10a5.msi

Filesize
844KB

MD5
fa1d1c7870a7572e11fa3629d1f31188

SHA1
737dffe2e9bb15703feedb3cdbe49e05280d03f0

SHA256
c05ea653ccb8130bb0b60458bd1aa8453da2172577ed98ad8db09e3262ea1015

SHA512
f2782b793ea392cee16434d49d27c5e2d3667549bfc909282542a5b83af59bd732813970bec902476b9571375ec4c37127309391f6d805bdd0f173833f84d206

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
d47aa47dd363374c5d7addc38d1e03b5

SHA1
bda4e06c7f3b195d253ee8d16665a6e1afe0a83f

SHA256
4a01396127a1a003f9e2be30d4786cfcb9cf648ddf5ee534cd55fcc217febc38

SHA512
bd81eb6bfb6c18c2a380d25b8f55c9cd5666b2ed9a56fbfc0a82131fd4a8a959a20e1afc2c5f874a275a0ef52417b0301dd28296996a82599b2d59da7d5625fc

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
67c2efc9f0e38c878fef286ce52806ce

SHA1
961a5c1f74562fb9f4e8af0eacc14565fd8c1ac9

SHA256
fe706c1bfcd4411e062748921d1f59deed7c10c7a1cf99214efe4cffbdf81fc7

SHA512
ed91f5b286f53c3f848cc009166664939a15b495d4c88aa0c8e89f05d59caaaf1ef766ee7e8d80e198b6f08ec47798d1610558172291530d4e8ba2e0ef82a005

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
6c7fa67ea3995d3963f2bc6c5d574f64

SHA1
14a9cbedc8cbda51a3082217855db41d77b56924

SHA256
670be47854d9721c3296ba3ebcc45d6481cd433c1b6c5e36e5f58bbbbefc73ed

SHA512
0f9df36652a9630c1c252db45dd48f98a486aacd7a116359f7b61e61db1ab7099176200f5068b6ed5fe7302271d78494bcc213be446ced7eb296ac60bc0092ba

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\BraveUpdate.exe

Filesize
163KB

MD5
9b061d9863757b582737d5d2fdb77892

SHA1
895c336bf2f06c9c6bfc75991be5bbb552c5b171

SHA256
d873aa864f45e204e8a79163d3a856737614fe3b0b7d1d519790e2d20cd83638

SHA512
f1faa7f250ce8ad69cccb1ad23f2ed958f2df17e0762ba2b516d570d2e36dadf9c82dfb35b3ddbdf7e689854e1cbd2c1cd2e53dc660f482854f4f1e747de0707

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
baace943cb69990a6f196cc77383cde7

SHA1
5dd2fd6d0f1edd0f0d22261eb8133563015c760d

SHA256
89f6a8374de8b18885cd57dd145abd45d620969bf3c978b078901ff33d53e770

SHA512
ba624e1f5ef2804dc682257ed52d2d23cc16d3c29e1f86cd3ace7275249c2389c689c94ea047109d9c1bc629ca47ca7191da58891fc29da908da2d2251fabb57

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
4c2d88ea04ab052af5216bfbacb8c0a1

SHA1
0f61fd87e6b7f2141bfe93e10faa145b425bb3a4

SHA256
06d5fd6ee925d306da651feffe0acab105bc3b3a71e7c9781037d2a75d52d96e

SHA512
3f85a94f4c11b340b1637c60af42ef3a672fe7cfce9e723e2f08e47916d403ed2141b835b8177b9ef0647691bb510750c2b4640b52246c9fd85accab6d056cbc

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\goopdate.dll

Filesize
1.0MB

MD5
f1f0b4c0ab01d4306faeee365b0dd5fc

SHA1
5afa4b636bb9e29a70701ab109174158fc69d0a9

SHA256
74a01f68ab2ee3afe873d3a01b2ea3229ff859651d5f56eb3393138beb4fca76

SHA512
2520befd3a688898f2c3d28dd2f4fbdc288a2f9e373ca3acf34bda9ac0a310356e4c9a0b39b8ab6425dbde04094df57addcf5e1fdded4e4f224927ac20c9f56b

Download Submit
C:\Windows\SystemTemp\GUME013.tmp\goopdateres_en.dll

Filesize
42KB

MD5
de5d5c2d3a7f3d50000d893084515535

SHA1
624a1ec63cfb43f6b6e5f65792f8ca4933d0748b

SHA256
b8f02651ae7a76a859e9474f03b4772ddc5b50ac4c7a607f923644376607e40d

SHA512
af454c047f5ab67c0f143aa25461413b35f9731284d911bef5e260f5586122e36386bc5847d8cac872a71dd237d262a9b9ca3a512aad89594ae7052f10cdc75d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_1188452573\manifest.json

Filesize
595B

MD5
02cc7e44b2fcab7d7aa8d0d7f7b1a50e

SHA1
d6d7b30f4d68134797e4bcbfa0006bdf18d15bae

SHA256
e3652ef484a60b9ab213d4dbf462337acbc1cd63a4cf958bf06dfb574ecb5c8a

SHA512
760c37eec18199eca62e79d476f3059138643ce8798bd09f1e85e01a179da7792c0ea6dd35dfcb9431481ad9a44e7d3cc7e9c1bf0f2bf4c7474015ebfbe3d90a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_1354092525\manifest.json

Filesize
592B

MD5
4b8a8029d5389dcc9953b927ddcf89fc

SHA1
a0ec237c52b4a76cc1846879820fde60261bd9f2

SHA256
5b7e38c50bb254ddfb9f6b5645fd3f8e6dd7c553254278640419a9393f0eb03d

SHA512
8c0992aabcb6e4fde578542c2506e96236cd14a16e207c4e28fc9d08109456ed9e1e7fb372ae0e78950a2d22fa7aa2c3b2e619aa741edc27133cc2118b79a8a5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_1431492348\manifest.json

Filesize
564B

MD5
2efa37b5105fbed3014a7be8963dc2ed

SHA1
a03fd940871c3a99836f8f1c3bb2edb5e5a32339

SHA256
9961547296bbc34112d1c852fb61ada201f87230e56848c17af3df54ef8921b2

SHA512
9b0b86e7c110b5d076d67eca5848e1847a8f04de3feb4a4c71e1d00724fad701b0b0cc3f7dba7450ab3392da4ea5e2353ac9f263b81a5a186b694b5a162db69b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_1998068644\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_2082945216\manifest.json

Filesize
585B

MD5
d76e1e5a55853c802800c78a84531bda

SHA1
7bc590a985e7a8302535f3b02ff01910c153235e

SHA256
19f1a35a7bc7acf7ebd4b871a542e2cdd86fa30ea42dc52e4216f2c5bb207d11

SHA512
eefb3e485ad5c3543e502d1e78e75df05d458c21c807672e8ab86e851bd034a0cb9f16d4795cd6a752e90c0ebcbaf5e8d9fe795102938fda817fe224288ba125

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_255053475\manifest.json

Filesize
76B

MD5
c08a4e8fe2334119d49ca6967c23850f

SHA1
13c566b819d8e087246c80919e938ef2828b5dc4

SHA256
5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0

SHA512
506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_256626971\manifest.json

Filesize
558B

MD5
f2ea88c3713fadc1cb2f57ffc5f763e5

SHA1
203adbd539223c4ea2c2f0a549dd198d46bda233

SHA256
3ecf70ef4593b2d7ff9955f6f62f656b1a3957b743972f1b615c91ad8b4acd62

SHA512
32b8508cdb2b650abf06c6e1507769cca8cbaa99bc654d6ad528872aa1606bb66773142029f78353798c1ea73a4e2ade7c76582340b85206cda0a3de857dc212

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_259985719\manifest.json

Filesize
546B

MD5
9297097f2da8c015f8a94acd2d181d50

SHA1
cf366a3171379a80449ddb7755986d66c53ca73f

SHA256
bf8426137ed6822b8e2e2040833273fdc754723db588a834c293a63b0d551157

SHA512
1f0aa5d1f566cbcbdea6a73551e3a4da3f7ed520d0e4591c699eb50a398dd355cf58ed178c7bc950da8e9c02a8c9d9c1e5533270e81dc8df1bf5b36fb9c2b15a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_315360652\manifest.json

Filesize
95B

MD5
ae588736e71ddf1f3891ae7429377dda

SHA1
0de3ce471ed304c9112613101902bdb8d61a9d11

SHA256
5fc9e1150f93cbefad85445e7c8a332c252d8a740836b15337e38473e61eb7c1

SHA512
9ee3fd4391baf55df0827cf2e46489a23c24884f691c64e7b56460d9e20c0d3abdcafaabeec127079b66d41665e11bca43e68a4feb352b7e0a7003f376c33717

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5144_784869954\manifest.json

Filesize
578B

MD5
b6ce03aa3bd8d45e95910bbad262a380

SHA1
7b911f52ef248db0da47f6b06126bac04c19443f

SHA256
df1fb60caa2bd2f044e940ff64716f79403eb34021b06ee3989e0a323292f961

SHA512
8ec378d6ae63e2b115a905386edef39aa37f4fd723c762727563ab602023cd3f2adb8e0d92ccab50fe8f9f78d4d8e2edf1d4fdaa0d1c3d25e4296f81dcea7ffb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1246324907\manifest.json

Filesize
108B

MD5
312e4f3903c4c44432bba32d05890b50

SHA1
1c43d85b5119f09224f7def6054fcb141c08a4ab

SHA256
44ba2dcd8dcdc22358d9e178a17ea739b2712565b088bba7f665370afdf7dbbb

SHA512
6840d317d2af8c1f0da8f1c448a276228c1b3250c5216c03316b78c26e0703cbcd335b3f11d499e12800328e40f4eafb238552cbc4e038cb8c1ea89142f9a304

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1340505997\manifest.json

Filesize
73B

MD5
82bd4111745c8a653cc0355e8816305f

SHA1
b7bf21d43d4e5717199415301c4cb8495cd9730b

SHA256
fcf10c7298470cfc233e8b87e4765cf4afb8fc3d84048bb84f7f441f7d6ad868

SHA512
19bc6307ec4274cb3a399450b8fc9d877ccfc25642e529faa87ab1ab85ba2317eee21c9cbbf8baefc2c3a4315a66cb19e479d27b800d1ace737b32b8a479f1d9

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1449872479\manifest.json

Filesize
111B

MD5
fecba6c3128a97f09a1173779924be7c

SHA1
41645675ff089fc6059bbe1ed4b049502241e7fa

SHA256
7ef57c6645a8d144047d276b5d41b153c4dc63cf3627c32db018ae64b4e6d92b

SHA512
c1193abe0bb4a9359e8e73332475995bd042149f62a67e67d37549993c7130589db809c53657abb7a0f9c518f975f270debeaf7fa70327a81b8bbee233035aad

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1603570096\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_1937719294\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_549310192\manifest.json

Filesize
108B

MD5
95a4ce489e7170e41dc74ae984787097

SHA1
3aa6ec73fd4620fb7a2e1946c42e443a887d07a2

SHA256
64f88606e2e32380555b12f0a3c8ff5a262f35c676cec1faa36f1f03530a9744

SHA512
d1a3b453ce6d40cbc2618eca75e68c952d483d299316cfc9b9e111cd9de2aa930f55882401383e04b77ea1bfbf2a44f47d0ccc98b84209c59ebdb964fd62a089

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_682922815\manifest.json

Filesize
72B

MD5
9a5a99da362e84f6bc53460440088105

SHA1
3f423954c63ec8e57c00dfac30b15059f96ba7c0

SHA256
83944ef33ffcbeb4895d21cdb0b65b0712763d7953d6689a659441f378ead1eb

SHA512
d69bc1ae132dec4b28046f66845f572ff552e8c650c08d6dcfdfd8d71ba04904e7771b959cecfa145909cdabeaaee4102ceaf7eeae71f59954b03a07a47585c0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5812_950293964\manifest.json

Filesize
533B

MD5
42009b4dd959e3bc13f18be4df9274fd

SHA1
587ae3aa747b57ee96f44ff231efec1cc594dc97

SHA256
c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92

SHA512
6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

Download Submit
memory/2460-7190-0x0000000070EB0000-0x0000000070EB9000-memory.dmp

Filesize
36KB

Download
memory/2460-7191-0x0000000070EB0000-0x0000000070EB9000-memory.dmp

Filesize
36KB

Download
memory/3124-7296-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7297-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7301-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7302-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7304-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7303-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7300-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7299-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3124-7298-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/3448-6366-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6365-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6363-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6362-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6356-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6357-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6355-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6361-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6367-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/3448-6364-0x000001CA18F50000-0x000001CA18F51000-memory.dmp

Filesize
4KB

Download
memory/4240-4150-0x0000000001D50000-0x0000000001D77000-memory.dmp

Filesize
156KB

Download
memory/4240-4154-0x0000000003660000-0x0000000003725000-memory.dmp

Filesize
788KB

Download
memory/4908-0-0x0000000000400000-0x000000000053B000-memory.dmp

Filesize
1.2MB

Download
memory/4908-2-0x0000000002560000-0x00000000025BC000-memory.dmp

Filesize
368KB

Download
memory/4908-1-0x00000000023B0000-0x00000000023C7000-memory.dmp

Filesize
92KB

Download
memory/4908-28-0x0000000002560000-0x00000000025BC000-memory.dmp

Filesize
368KB

Download
memory/7068-4157-0x0000000001570000-0x0000000001635000-memory.dmp

Filesize
788KB

Download
memory/7068-4135-0x00000000009F0000-0x0000000000A17000-memory.dmp

Filesize
156KB

Download