darkcomet | hxxp://151[.]106[.]34[.]115[:]6573/svhost[.]exe

Analysis

max time kernel
899s
max time network
900s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22/01/2025, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://151.106.34.115:6573/svhost.exe

Score

10^/10

darkcomet xmrig firefox defense_evasion discovery miner persistence privilege_escalation rat spyware stealer trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

firefox

falk.twilightparadox.com:4441

Mutex

DC_MUTEX-06MWGLU

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
vTbEhVczmF0S
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	update.bat

Modifies security service 2 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start = "4"	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start = "4"	msdcsc.exe

Windows security bypass 2 TTPs 4 IoCs

defense_evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	msdcsc.exe

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/files/0x001a00000002aabb-49.dat	family_xmrig
behavioral1/files/0x001a00000002aabb-49.dat	xmrig

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\132.1.74.48\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Manipulates Digital Signatures 1 TTPs 40 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	reg.exe

Sets file to hidden 1 TTPs 2 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3380	attrib.exe
6644	attrib.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
3920	svhost.exe
4008	BraveBrowserSetup-BRV002.exe
3836	BraveUpdate.exe
1064	BraveUpdate.exe
1612	BraveUpdate.exe
4464	BraveUpdateComRegisterShell64.exe
4692	BraveUpdateComRegisterShell64.exe
1172	BraveUpdateComRegisterShell64.exe
4492	BraveUpdate.exe
4820	BraveUpdate.exe
1700	BraveUpdate.exe
4720	brave_installer-x64.exe
4068	setup.exe
1520	setup.exe
1912	setup.exe
1036	setup.exe
5024	BraveUpdate.exe
2664	BraveUpdateOnDemand.exe
444	BraveUpdate.exe
2272	brave.exe
3632	brave.exe
848	brave.exe
1344	elevation_service.exe
1592	brave.exe
4436	brave.exe
4932	brave.exe
1600	brave.exe
6116	brave.exe
5676	brave.exe
1936	brave.exe
5484	brave.exe
1616	brave.exe
1324	brave.exe
5328	brave.exe
5716	brave.exe
6396	brave.exe
6436	brave.exe
6704	chrmstp.exe
6748	chrmstp.exe
6796	chrmstp.exe
6824	chrmstp.exe
6976	brave.exe
6048	brave.exe
5536	brave.exe
6456	brave.exe
6444	brave.exe
6616	brave.exe
6452	brave.exe
6804	brave.exe
3716	brave.exe
1764	brave.exe
6336	brave.exe
5708	brave.exe
6408	brave.exe
5644	brave.exe
6996	brave.exe
4588	BraveUpdate.exe
4688	BraveUpdate.exe
5164	BraveUpdate.exe
5768	BraveCrashHandler.exe
4556	BraveCrashHandler64.exe
1192	BraveUpdate.exe
5916	𝘚𝘌𝘛𝘜𝘗.exe
1552	BraveUpdate.exe

Loads dropped DLL 64 IoCs

pid	Process
3836	BraveUpdate.exe
1064	BraveUpdate.exe
1612	BraveUpdate.exe
4464	BraveUpdateComRegisterShell64.exe
1612	BraveUpdate.exe
4692	BraveUpdateComRegisterShell64.exe
1612	BraveUpdate.exe
1172	BraveUpdateComRegisterShell64.exe
1612	BraveUpdate.exe
4492	BraveUpdate.exe
4820	BraveUpdate.exe
1700	BraveUpdate.exe
1700	BraveUpdate.exe
4820	BraveUpdate.exe
5024	BraveUpdate.exe
444	BraveUpdate.exe
444	BraveUpdate.exe
2272	brave.exe
3632	brave.exe
2272	brave.exe
848	brave.exe
848	brave.exe
1592	brave.exe
4436	brave.exe
1592	brave.exe
4436	brave.exe
4436	brave.exe
4436	brave.exe
4436	brave.exe
4436	brave.exe
4436	brave.exe
4436	brave.exe
4932	brave.exe
1600	brave.exe
4932	brave.exe
1600	brave.exe
6116	brave.exe
6116	brave.exe
5676	brave.exe
5676	brave.exe
1936	brave.exe
1936	brave.exe
5484	brave.exe
5484	brave.exe
1616	brave.exe
1616	brave.exe
1324	brave.exe
1324	brave.exe
5328	brave.exe
5328	brave.exe
5716	brave.exe
5716	brave.exe
6396	brave.exe
6396	brave.exe
6436	brave.exe
6436	brave.exe
6976	brave.exe
6976	brave.exe
6048	brave.exe
6048	brave.exe
5536	brave.exe
5536	brave.exe
6456	brave.exe
6456	brave.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Windows security modification 2 TTPs 2 IoCs

defense_evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	msdcsc.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	update.bat

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
623	raw.githubusercontent.com

Checks system information in the registry 2 TTPs 6 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5504 set thread context of 796	5504	msdcsc.exe	433

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001800000002b4a2-7078.dat	upx
behavioral1/memory/576-7128-0x0000000000400000-0x00000000004C7000-memory.dmp	upx
behavioral1/memory/5504-7198-0x0000000000400000-0x00000000004C7000-memory.dmp	upx
behavioral1/memory/796-7199-0x0000000000400000-0x00000000004C7000-memory.dmp	upx
behavioral1/memory/5504-7200-0x0000000000400000-0x00000000004C7000-memory.dmp	upx
behavioral1/memory/576-7202-0x0000000000400000-0x00000000004C7000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_lv.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\sl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\te\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\SETUP.EX_	brave_installer-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\brave_100_percent.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\te.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\bn\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\el\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\en_GB\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\fi\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_nl.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\ja.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\he\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\it\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\sv\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_no.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\hu.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\lv.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_en-GB.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psmachine.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\brave_vpn_helper.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\Recovery\GURCA20.tmp\BraveUpdateSetup.crx3	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_hr.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_th.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\et.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\id.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\sk\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_is.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_lt.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\brave_installer-x64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\da.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\fil\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\sr\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\vi.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\es\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\7aadd13d-f05a-4b23-a6e2-3cc31576e8a8.tmp	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_kn.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\fr\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\sl\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe	BraveUpdate.exe
File opened for modification	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\1912_13382028902957408.pma	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\resources\brave_extension\_locales\nb\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\BraveVpnWireguardService\brave_vpn_wireguard_service.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShellArm64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_cs.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sk.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\ko.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\ml.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_et.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\hr.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ro.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_tr.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\libGLESv2.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\fi.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\nl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4068_688514052\Chrome-bin\132.1.74.48\Locales\ru.pak	setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_ca.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1339284201\Preload Data	brave.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_bg.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1854787146\1\scripts\brave_rewards\publisher\twitch\twitchBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_2014646955\crs.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1632752555\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\BraveCrashHandler.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdate.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_en-GB.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_no.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2272_383560251\extension_1_0_1858.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1385406593\mohammad-usaid-abbasi.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1367856819\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2272_45764064\ggkkehgbnfjpeggfpleeakpidbkibbmn_2024.12.19.1218_all_fv3otvkif6vzxcwwn5ycxdrxpq.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_979277545\e1a795ce-158b-433d-91e1-e303dd33c29f.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1854787146\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_363708411\crl-set	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1385406593\nadeem-choudhary-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_499896742\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-pt.hyb	brave.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp\GUT32E4.tmp	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_sk.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp\chromium_installer.log	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_979277545\photo.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_360855615\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1937206809\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-kn.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2272_1892913519\efniojlnjndmcbiieegkicadnoecjjef_1199_all_ofq4u6qtfjz6q2nilsofuq6t7a.crx3	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_pl.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_314225070\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1227825730\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdateCore.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-ru.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-bg.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1385406593\StudentNTP_Aurora-Tennant_x1140.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1937206809\safety_tips.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-fr.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_ml.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1854787146\1\scripts\brave_rewards\publisher\reddit\redditAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1385406593\aleks-eva-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-en-us.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdateComRegisterShell64.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_hi.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_363708411\LICENSE	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1385406593\gordon-ross-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-mul-ethi.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_it.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1800160688\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-sl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-gl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_2014646955\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\psmachine_64.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_hr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_979277545\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_43434523\manifest.json	brave.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\svhost.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateBroker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	update.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveCrashHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	𝘚𝘌𝘛𝘜𝘗.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4492	BraveUpdate.exe
5024	BraveUpdate.exe

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
5336	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133820288288321232"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ = "ICoCreateAsync"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{431F0B22-1282-49BB-B84D-5D5D79B3B848}\ = "PSFactoryBuffer"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass.1	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc.1.0\ = "BraveUpdate Update3Web"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{431F0B22-1282-49BB-B84D-5D5D79B3B848}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods\ = "8"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ = "IApp2"	BraveUpdateComRegisterShell64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}	BraveUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\goopdate.dll,-3000"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C021D009-DA33-4564-82F8-BA95410436F6}\InprocHandler32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods\ = "13"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\NodeSlot = "13"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass.1\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}	BraveUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\ = "Interface {F396861E-0C8E-4C71-8256-2FAE6D759CE9}"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{431F0B22-1282-49BB-B84D-5D5D79B3B848}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{431F0B22-1282-49BB-B84D-5D5D79B3B848}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	brave.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\Elevation\Enabled = "1"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{28C83F57-E4C0-4B54-B187-585C51EE8F9C}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreMachineClass	BraveUpdate.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry

T1112

pid	Process
2336	reg.exe
5252	reg.exe
5364	reg.exe
5760	reg.exe
6140	reg.exe
1344	reg.exe
7116	reg.exe
5760	reg.exe
4744	reg.exe

NTFS ADS 16 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\2e08bdc3-5bfb-4057-98e9-f20b69cfe9cb:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\a2361b8d-e737-4dff-8def-491dc9a290b7:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\cdc94bc9-b0d3-497f-b833-9c6cb8988c0b:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Desktop\update.bat:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025).zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Desktop\delete_chrome_policies.bat:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\039106ff-30b5-4803-b9d0-46af7d772da5:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Documents\MSDCSC\msdcsc.exe\:Zone.Identifier:$DATA	update.bat
File opened for modification	C:\Users\Admin\Downloads\svhost.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\fa11a7ed-7461-4d32-a7fd-7eb9299b8822:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\86d2f6bc-1b81-4495-9ba3-7b20156e74eb:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Desktop\SharpHound.ps1:Zone.Identifier	brave.exe
File created	C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\b9358fbc-3f3d-4047-80f0-be20f8973964:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\e571c53a-c0d6-422e-8055-cc3b4aad7d62:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
6440	explorer.exe
6280	explorer.exe
7088	explorer.exe
6240	explorer.exe

Suspicious behavior: EnumeratesProcesses 57 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
4816	chrome.exe
4816	chrome.exe
4820	BraveUpdate.exe
4820	BraveUpdate.exe
5024	BraveUpdate.exe
5024	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
3836	BraveUpdate.exe
2272	brave.exe
2272	brave.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
6836	chrome.exe
6836	chrome.exe
5644	brave.exe
5644	brave.exe
5164	BraveUpdate.exe
5164	BraveUpdate.exe
3988	chrome.exe
3988	chrome.exe
5916	𝘚𝘌𝘛𝘜𝘗.exe
5916	𝘚𝘌𝘛𝘜𝘗.exe
4688	BraveUpdate.exe
4688	BraveUpdate.exe
1552	BraveUpdate.exe
1552	BraveUpdate.exe
3012	brave.exe
3012	brave.exe
3012	brave.exe
3140	chrome.exe
3140	chrome.exe
3172	brave.exe
3172	brave.exe
3140	chrome.exe
3140	chrome.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe
2688	brave.exe
2688	brave.exe
3444	powershell.exe
3444	powershell.exe
3444	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
7088	explorer.exe
6644	OpenWith.exe

Suspicious behavior: LoadsDriver 14 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
684	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
2272	brave.exe
2272	brave.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
2272	brave.exe
4816	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
2272	brave.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3012	brave.exe
3012	brave.exe
3012	brave.exe
3012	brave.exe
3012	brave.exe
3012	brave.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe
5676	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3012	brave.exe
3012	brave.exe
3012	brave.exe
3012	brave.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe
3140	chrome.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
2456	OpenWith.exe
6728	brave.exe
4076	brave.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
6644	OpenWith.exe
3272	brave.exe
796	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 2356	4536	chrome.exe	77
PID 4536 wrote to memory of 2356	4536	chrome.exe	77
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 1940	4536	chrome.exe	78
PID 4536 wrote to memory of 4068	4536	chrome.exe	79
PID 4536 wrote to memory of 4068	4536	chrome.exe	79
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80
PID 4536 wrote to memory of 2100	4536	chrome.exe	80

System policy modification 1 TTPs 3 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern\NoControlPanel = "1"	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern	msdcsc.exe

Views/modifies file attributes 1 TTPs 2 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3380	attrib.exe
6644	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://151.106.34.115:6573/svhost.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff977acc40,0x7fff977acc4c,0x7fff977acc58
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3008,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3012,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4832,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4840,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3156,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3264,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2996
- C:\Users\Admin\Downloads\svhost.exe
  "C:\Users\Admin\Downloads\svhost.exe"
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5032,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3164,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3364,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3040 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5540,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5824,i,16887568145050331986,5859410248246455584,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1060
- C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe
  "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:4008
- - C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdate.exe
    C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3836
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1064
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1612
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4464
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4692
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1172
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszNTQ5NkUzQS0xOEIxLTQzOTQtOUQ5Ri03MTE1RDEyMjVBNEZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7NEMxREIxNTMtQjA1Ni00NENDLUI4N0EtMTFGQTNCNkYzRkI5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjY1NSIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4492
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{35496E3A-18B1-4394-9D9F-7115D1225A4F}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4820

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3584

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1700
- C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\gui8AF7.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4720
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\gui8AF7.tmp" --brave-referral-code="BRV002"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies registry class
    PID:4068
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff7f9f5e4c8,0x7ff7f9f5e4d4,0x7ff7f9f5e4e0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1520
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\gui8AF7.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:1912
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{6CC10F20-3E34-45FD-AD5E-7638A2B7EB07}\CR_54F18.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7f9f5e4c8,0x7ff7f9f5e4d4,0x7ff7f9f5e4e0
        5⤵
        Executes dropped EXE
        
        PID:1036
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszNTQ5NkUzQS0xOEIxLTQzOTQtOUQ5Ri03MTE1RDEyMjVBNEZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QzQ2NEQ1QTAtM0MwOC00NkE2LUEzRTktMTA2MzI2OTZBRDkwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMi4xLjc0LjQ4IiBhcD0icmVsZWFzZSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vdXBkYXRlcy1jZG4uYnJhdmVzb2Z0d2FyZS5jb20vYnVpbGQvQnJhdmUtUmVsZWFzZS9yZWxlYXNlL3dpbi8xMzIuMS43NC40OC94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEzMTUwMTA3MiIgdG90YWw9IjEzMTUwMTA3MiIgZG93bmxvYWRfdGltZV9tcz0iMTMyMTkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjMyOCIgZG93bmxvYWRfdGltZV9tcz0iMTQ4OTQiIGRvd25sb2FkZWQ9IjEzMTUwMTA3MiIgdG90YWw9IjEzMTUwMTA3MiIgaW5zdGFsbF90aW1lX21zPSIzMjQ5NyIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff977acc40,0x7fff977acc4c,0x7fff977acc58
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5428,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5172,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3504,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3300,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3180,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3248,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5260,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4888,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5364,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3064,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5844,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5500,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5832,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5576,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3408,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5460,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5656,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6220,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5708,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1120,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5572,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:6304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4400,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4568,i,9982594731962496836,12713764101317702895,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:6692

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5008

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2664
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:444
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2272
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7fff8299fd08,0x7fff8299fd14,0x7fff8299fd20
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3632
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2040,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2036 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4436
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1900,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2076 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:848
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2344,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2560 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1592
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10898525642981130219 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3408,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=3416 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1600
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=10898525642981130219 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3420,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=3564 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4932
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5040 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6116
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10898525642981130219 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5252,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5088 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5676
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5516,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5532 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1936
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5632 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5484
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4792,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5784 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1616
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5792,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5708 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1324
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5776,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5612 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5328
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5952,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6084 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5716
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6248,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6256 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6396
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5696,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5700 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6436
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:6704
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x210,0x258,0x7ff6a95ce4c8,0x7ff6a95ce4d4,0x7ff6a95ce4e0
        5⤵
        Executes dropped EXE
        
        PID:6748
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        
        PID:6796
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6a95ce4c8,0x7ff6a95ce4d4,0x7ff6a95ce4e0
        6⤵
        Executes dropped EXE
        
        PID:6824
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4776,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5556 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6976
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5768,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5544 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6048
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5656,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6296 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5536
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6200,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6136 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6456
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6352,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6312 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6444
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5548,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6032 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6616
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5448,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2860 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6452
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2892,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5788 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6804
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6008,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6280 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:3716
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5756,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5680 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:1764
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2504,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5680 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6336
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5800,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5804 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5708
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2860,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=6316 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:6408
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5064,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5076 /prefetch:10
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:5644
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10898525642981130219 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=2876,i,9935037012995992839,7154633713606051949,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2884 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:6996

C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1344

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC
1⤵
PID:5876

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
PID:5304

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1324

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:6440
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  PID:6664
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  PID:6444
- - C:\Windows\system32\reg.exe
    REG DELETE HKLM\SOFTWARE\Policies\Microsoft /f
    3⤵
    - Manipulates Digital Signatures
    - Modifies registry key
    PID:5760
- - C:\Windows\system32\reg.exe
    REG DELETE HKCU\SOFTWARE\Policies\Microsoft /f
    3⤵
    - Manipulates Digital Signatures
    - Modifies registry key
    PID:4744
- - C:\Windows\system32\reg.exe
    REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects /f
    3⤵
    - Modifies registry key
    PID:2336
- - C:\Windows\system32\reg.exe
    REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /f
    3⤵
    - Modifies registry key
    PID:5364
- - C:\Windows\system32\gpupdate.exe
    gpupdate /force
    3⤵
    PID:3728

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:6436

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff977acc40,0x7fff977acc4c,0x7fff977acc58
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=1980 /prefetch:3
  2⤵
  PID:6968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1672,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:6368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:6544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4556,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,14369673922597748737,7794082277583201040,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:572
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff649c64698,0x7ff649c646a4,0x7ff649c646b0
    3⤵
    PID:5952

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4268

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:1944

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
PID:4552

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2640

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
PID:6280
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  PID:6156
- - C:\Windows\system32\reg.exe
    REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy /f
    3⤵
    - Modifies registry key
    PID:5760
- - C:\Windows\system32\reg.exe
    REG DELETE HKLM\Software\Policies\Microsoft /f
    3⤵
    - Manipulates Digital Signatures
    - Modifies registry key
    PID:6140
- - C:\Windows\system32\reg.exe
    REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies /f
    3⤵
    - Modifies registry key
    PID:1344
- - C:\Windows\system32\reg.exe
    REG DELETE HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies /f
    3⤵
    - Modifies registry key
    PID:5252
- - C:\Windows\system32\reg.exe
    REG DELETE HKCU\Software\Policies\Microsoft /f
    3⤵
    - Manipulates Digital Signatures
    - Modifies registry key
    PID:7116
- - C:\Windows\system32\reg.exe
    REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" /f
    3⤵
    PID:3412
- - C:\Windows\system32\klist.exe
    klist purge
    3⤵
    PID:6696
- - C:\Windows\system32\gpupdate.exe
    gpupdate /force
    3⤵
    PID:6672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap3287:142:7zEvent11441
1⤵
PID:6792

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\" -an -ai#7zMap1134:216:7zEvent16151
1⤵
PID:4136

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\Steps of Installation.txt
1⤵
PID:4724

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4588
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5164
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5768
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe"
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1192

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4688

C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\𝘚𝘌𝘛𝘜𝘗.exe
"C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\𝘚𝘌𝘛𝘜𝘗.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff977acc40,0x7fff977acc4c,0x7fff977acc58
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4744,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4324,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4340,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3280,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4516,i,9402348815743482126,2104018466487803249,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5228

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1552

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:5580

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
1⤵
- Checks system information in the registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3012
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff8299fd08,0x7fff8299fd14,0x7fff8299fd20
  2⤵
  PID:3040
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=2220,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2232 /prefetch:11
  2⤵
  PID:4856
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2392,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2344 /prefetch:13
  2⤵
  PID:1484
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=14673221258913760418 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3808,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=14673221258913760418 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3812,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5104,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5160 /prefetch:14
  2⤵
  PID:4556
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=14673221258913760418 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5164,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=14673221258913760418 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5176,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=14673221258913760418 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5324,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=14673221258913760418 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=956,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2860 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5548 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6728
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5192,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5488 /prefetch:14
  2⤵
  - NTFS ADS
  PID:896
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5428,i,7072885627730795491,6847406951641143937,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5784 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172

C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe"
1⤵
PID:5796

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\delete_chrome_policies.bat"
1⤵
PID:3900
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - Kills process with taskkill
  PID:5336
- C:\Windows\system32\gpupdate.exe
  gpupdate /force
  2⤵
  PID:5568
- C:\Windows\system32\reg.exe
  reg delete HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome /f
  2⤵
  PID:7044
- C:\Windows\system32\reg.exe
  reg delete HKEY_LOCAL_MACHINE\Software\Policies\Google\Update /f
  2⤵
  PID:1976
- C:\Windows\system32\reg.exe
  reg delete HKEY_LOCAL_MACHINE\Software\Policies\Chromium /f
  2⤵
  PID:436
- C:\Windows\system32\reg.exe
  reg delete HKEY_LOCAL_MACHINE\Software\Google\Chrome /f
  2⤵
  PID:6652
- C:\Windows\system32\reg.exe
  reg delete HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment /f
  2⤵
  PID:3596
- C:\Windows\system32\reg.exe
  reg delete HKEY_CURRENT_USER\Software\Policies\Google\Chrome /f
  2⤵
  PID:6708
- C:\Windows\system32\reg.exe
  reg delete HKEY_CURRENT_USER\Software\Policies\Chromium /f
  2⤵
  PID:3348
- C:\Windows\system32\reg.exe
  reg delete HKEY_CURRENT_USER\Software\Google\Chrome /f
  2⤵
  PID:7040
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}" /v "CloudManagementEnrollmentToken" /f
  2⤵
  PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff977acc40,0x7fff977acc4c,0x7fff977acc58
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=2132 /prefetch:11
  2⤵
  PID:6388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=2220 /prefetch:13
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4424,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4824,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4912 /prefetch:14
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5092,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5104 /prefetch:14
  2⤵
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4436,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3328 /prefetch:14
  2⤵
  - NTFS ADS
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4344,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5124 /prefetch:14
  2⤵
  - NTFS ADS
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5144,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4620 /prefetch:14
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4308,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5388 /prefetch:14
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=3324,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5168 /prefetch:14
  2⤵
  - NTFS ADS
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=3740,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3312 /prefetch:14
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5228,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5488 /prefetch:14
  2⤵
  - NTFS ADS
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5412,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3364 /prefetch:14
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=3364,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4868 /prefetch:14
  2⤵
  - NTFS ADS
  PID:7004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5528,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5380 /prefetch:14
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5356,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4432,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4464 /prefetch:14
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4440,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4496 /prefetch:14
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5484,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5212 /prefetch:14
  2⤵
  - NTFS ADS
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5140,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4500 /prefetch:14
  2⤵
  - NTFS ADS
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4476,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=5296 /prefetch:14
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=5100,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3436 /prefetch:14
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=4524,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4812 /prefetch:14
  2⤵
  - NTFS ADS
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --no-appcompat-clear --field-trial-handle=3284,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=4364 /prefetch:14
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3484,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3428,i,12664547323015273151,12393155127085164019,262144 --variations-seed-version=20250121-180208.859000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5832

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1688

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:6676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6300

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5404

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:3312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:2080

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
PID:2128

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:840

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:7088
- C:\Windows\system32\UserAccountControlSettings.exe
  "C:\Windows\system32\UserAccountControlSettings.exe"
  2⤵
  PID:6060

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4996

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5424

C:\Windows\system32\UserAccountControlSettings.exe
"C:\Windows\system32\UserAccountControlSettings.exe" /applySettings
1⤵
PID:6280

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
1⤵
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5676
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8299fd08,0x7fff8299fd14,0x7fff8299fd20
  2⤵
  PID:6032
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1924,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=2180,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2228 /prefetch:11
  2⤵
  PID:2116
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2432 /prefetch:13
  2⤵
  PID:3400
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3812,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3816,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3800,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4852,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4904,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4156,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4840 /prefetch:14
  2⤵
  PID:5568
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5188,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4844,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4884,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4908 /prefetch:14
  2⤵
  PID:2080
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5160,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5580,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4352,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4940,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5616,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4192,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4176,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5680,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5464,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5156,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=2904 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4076
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5444,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5608 /prefetch:14
  2⤵
  - NTFS ADS
  PID:3360
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5500,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5184 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5764,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4056,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=4848 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3272
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4940786962267845265 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5496,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5096,i,6415727572639052552,1752717141036561704,262144 --variations-seed-version=main@bfdfc53f468701ee8776fc02ea86dbf45a3c6b09 --mojo-platform-channel-handle=5116 /prefetch:14
  2⤵
  - NTFS ADS
  PID:1928

C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe"
1⤵
PID:5892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4508

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateBroker.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateBroker.exe" -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1832
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /broker
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3476

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /medsvc
1⤵
- System Location Discovery: System Language Discovery
PID:6408

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- System Location Discovery: System Language Discovery
PID:2072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6644

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
PID:6832

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:6316

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:6240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\update.bat"
1⤵
PID:1052

C:\Users\Admin\Desktop\update.bat
"C:\Users\Admin\Desktop\update.bat"
1⤵
- Modifies WinLogon for persistence
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:576
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Desktop\update.bat" +s +h
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5436
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\Desktop\update.bat" +s +h
    3⤵
    - Sets file to hidden
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:3380
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Desktop" +s +h
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2976
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\Desktop" +s +h
    3⤵
    - Sets file to hidden
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:6644
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
  2⤵
  - Modifies security service
  - Windows security bypass
  - Windows security modification
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - System policy modification
  PID:5504
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies security service
    - Windows security bypass
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\setup.exe

Filesize
4.4MB

MD5
68cb538abee1e6f982bb3e227f644880

SHA1
8374784a94675c9d7a7b6b8642288b3c9a24d1ea

SHA256
f570090435611bbdc706203e57a4c3e767f179608c1ebac48e72decb2895d659

SHA512
2e1f70385858f95ca988f0eb7cb26279b1f0fa6a0339d9dfeb10758acfd64c16f7a02b3ffe284f26bfa8499870448ed34cfbd55560595113c3bce3a61989f195

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\0dd45d81-3bcd-4cff-a021-892b91c5a506.tmp

Filesize
91KB

MD5
16989f39c0d2f788b5a8de9d1d9e3948

SHA1
9f104372c459ffb0733dae21ea9102eaa594fce5

SHA256
4ac42b27f34c08a3b35fe9d4ab677e7c581a9d55ceb392e43d3f367421ac6e54

SHA512
5f57635cbb43ccf4e26db24eb671404aded2a7449ae09e60d9f5ba06eb89341293c6353752ee37d8e8251c3c824039ccc5574859c31fd7d0b06c956b128b7103

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\181853c0-3d0c-4e18-9fd6-95b3438a30cd.tmp

Filesize
84KB

MD5
18842729f7b02ae7bc3e398421a83ba1

SHA1
feb3d39cf1e948336f2b36b2d4a597fee691ec71

SHA256
c937969f93ee6b0e30c61e916c99fd3b8ab06356791fe1c5831382bf503b1c19

SHA512
19a54f2d79ca6c01c57ba3c5fbe73f3c9757f95552feccf98310d9435c070e961d6083c41ea2b9af4413d01bc890ac630653cc652a80e78b7bd190280fbbbd9a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\5d47a147-6ad5-47ae-8c8d-85ca315a57e2.tmp

Filesize
52KB

MD5
67f15ef8d7c87f6e013c94b28f635822

SHA1
02edeb93328db3acf92772dc172ad0f0c6962414

SHA256
b0f22ef9d2549328cdbc3282d620f8ed3d604d675224f0f0f05487d2cb3bde78

SHA512
f0ee6eddcad543f516a134f055d02858867319d83bdbe04736a2ebf59bbc2aabed7745aa8d9ae346637c9d863bd485b469ee44561b6748e3991277d3eb45b6e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9506\crl-set

Filesize
605KB

MD5
675aa430890b748eff1e24734533b4ed

SHA1
512bcc73cc97090c37852ac675f42f0377e9f2d2

SHA256
2c08f17bb12ee758a5075b0d87abdda7e0d76e2163695448fe899ec15e165939

SHA512
456105e3c2ee43908d89dd013eccbe8c66e234006fc3668363abfca2341faed1c7b600f749091d1c16e4f60f152bc60d4686e58894268a8cb6c3576099a3236c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9939e1e828739f8fea1d28a8eceb091d

SHA1
7ff0f39d97906dd4ff812bf016b9f2b5c7e41edb

SHA256
5779c9bbc46e09b817ebcbc1543877634231085020e8ba4a72c7a18a64407697

SHA512
3d041cb5a312cbb57eb63de7aa1e317ae4fbc00e405abda4f78636c348f945ed68a846364db9a20d4a88a495d48f6488dac62cbfd9a545add4f94f2ca1cfe54b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2024.12.19.1218\Preload Data

Filesize
16KB

MD5
3c97222c910c2aa1fab0c39a1c8d2b11

SHA1
c794a8758b4fa74c7aa9536effe9bfa774822e7a

SHA256
c7b91efdd09d75b47036e241eb55a238065ace2c26cd8f31328e8a9f4b4102b4

SHA512
3220065c655bf174c466d9ac03d3040e419f30d081983c23a757d2c0c5e4720aed2c71e88befc0d8b6987d6abd6a25289731d7f4fc9ed6348a1d762f67032153

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000047

Filesize
496KB

MD5
2ee7ab4d21ac0918cef950d526621af9

SHA1
75f806ba6a212c75ca402a5336919106d3b025b5

SHA256
08c6d2a7f3ec3bd7b4a440f9b6229d43de33c10d84235e3d4eb7d60318db9648

SHA512
be551d275ed25cc487b52ac630bc73bd580ca8eb05077a9de01f35b7c0778c8ec913e669b6268f264560007ff63929c16a0701c217c86a38222b9776d3c89386

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000049

Filesize
25KB

MD5
eaada6072444aeab5b1f4fd3165ec7f1

SHA1
44fd8143874ada15cd1800edc397924c90238d70

SHA256
e6829790660996ed11318f0fe6ac182138ef8d738761e3753d41ac9d5056cb8c

SHA512
66f1d54e7787e22ee7578d929bf3336e10405825db12376b6b0733fb25ba7bfbd12db6db31a707ac9c6c791fe6efe7e745f0b88ffb8281acd03f42f806ba46e4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
214KB

MD5
59cd93e78422c682829b695087aa750b

SHA1
09995899c2eefa4aef3d19383098a051a5095c9d

SHA256
52110a0e17e8ee782f45a44f1224fa6f4f2a4ad51357886d08180fa2158033b9

SHA512
c6c85107258ed8a84689dd564d441d6fa56f0d930ca082d7e48731194e20fa151bc45ad899c6d9635e568b6d9870fd3657d28003969ca9b11343d38c8713e7a5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
174KB

MD5
21f277f6116e70f60e75b5f3cdb5ad35

SHA1
8ad28612e051b29f15335aaa10b58d082df616a9

SHA256
1537b0c18a7facad4bdfa9ae3ec84095c91467aa5cfc1d8af2724909703c2fe4

SHA512
e619f92b1ec91e467e4b11d5ad25c99b62c7216f9da81c159ae0c9ef3f9e75f48dde7bad09ee38727b5a14b827f3b813c196504057708cbfaf4bc67dbd032816

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\CdmStorage.db

Filesize
160KB

MD5
e9fcb41b1fee21cd572a91184c8c23b8

SHA1
699099abc30e0d96c364a68f967bd2e26a1535b7

SHA256
68590788b1ba533d2f2ca85f81dc711238a37a095722823f5651177b38fc2b61

SHA512
30393a706900f3ab4f16ff326a7a9da68863ee254c2c9bb5d8bcfc95239f919b8bb3c392c064c1bfb86c23344769ded300f2c11284ecf89ee8a09d5284f968cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\0de658187385c341_0

Filesize
2KB

MD5
2cbc8ee228adeb0e01cf791a27076db1

SHA1
54b763e320e361477b6f56a90bfae9e575663d07

SHA256
31c815632ce98f76fa354f1f32797c160455f5116d4ca57a903f9f3cb7fec263

SHA512
333b38eee919b17044b7b5d2fc5814688ea80e327caa830e91ba60abde7ae80e8f8eef5d600b9b920c467cab2cf957aebad76626a75b5958dd494c6277d0bd50

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
deffe659748219d71111729ddd49e2ac

SHA1
52e1e314653c7fee11db49013d40ef0af0881cbe

SHA256
aef98c5c15f3e2368629830a3397af1f20cafce36eaa29c7acd2f253c236ac80

SHA512
12039fa48b666032042613d2187d02ed9531bc2f03d0eefd60ab2e03dbb9d9f105a528c57e072b71432b3996681102eae3f6e1d6f3a51a468b8c478871f21207

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3d4160e07861e4846046dab8e7ff0e31

SHA1
e4878780a9c234aab951da16b2ef8cced93d9477

SHA256
0b078ee7c58326a40dbc93390d50f42ca25c3816579fbde339c0e1ccefe766ff

SHA512
10349676a5682d0144025bbf775a5c0794576217068ed50245b327c50bea271f1f19c92acf56407be057fab62bc53f0d7cba8fe6a56a7f926f7e605aeeb67c06

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
979c02476546e91d26ea56e017b0bef8

SHA1
5894c7380bf7e5614859018bceb26141dd910a26

SHA256
01948453ead40f81f0440f23c85474660b88efc61bd60a7fab16cc62aa0c0198

SHA512
3f8b28dedbd31cba004ad9e33e8f9ec853c22f17a95368a8551cf69e14a17994c9dba36302cce7e8e3f03e53782a963fe8990baf616b736e95b12b2890e0cfc7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d17710e794e8d0c7ba30b3f4758fe022

SHA1
8d1cd2dc373c6cb5a2bd13fbadabe17294b253f4

SHA256
55eac8e43f8357dc38446247a5a264e6c5f593d585b00e818f52e7db40d05bf6

SHA512
998dc4b7efb2dd871b3680fe3213e432e71f6b8a9d2c427faa3ee2d3ff875478d7a0341ea6fe39adfd5bc0606b2f53af24da64e796c961aa5f8f6c8ca389b38b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7d1210e57cb8214ef87568df46ec97c2

SHA1
8c34d45688091d1d479288a3ddc985a98331c1f5

SHA256
aec785ae08478000bea724e8cc2d2417984f2da7c69349bc379373c08dcbee8c

SHA512
8f87d8ce9d55aba99bed8384e58d85b812bf91f49bdd3c90505826dca42613fc867e2c5d93e7de5dadc7edbe6f7ba062db91b56f275b7269eb80e395493142d2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1cda891dd2b9ed8201543b6febb1f181

SHA1
b45322bcb3d1e295468a807aa00497318be247e0

SHA256
03160fdbabb0ff3b584016e488cdda168f5e49789ff317d786691e312f6bee37

SHA512
e33ac56e94c397a35a9254e07f39031e1f33a72f67079f108cd4a54e6623aab000db08684d686b84d6e95d0de750e7647b5922a0c7ce0aabe81c15f10f943f80

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
43754ab29521c49b4f67611d626ae83f

SHA1
4e4d2c258254542e57d45fbd27d2d6be84b4afb2

SHA256
3360532ed02d2375ca37b67a675b81aef4a29d5a17d87ca6f944390821ae6edd

SHA512
6dbddd13ef284f0599ce26a43f9567830ba7413ed9d6a8e919e7f66a3aee2816b5c6ea8582638a27604014f094858b56569cd626f412a2c0b3fe7dc29432340c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
143B

MD5
d76855b48d761122a2c5100e922a29b3

SHA1
322f64f46a6bd8a33b44d7c5e68c7e2cc0dec36d

SHA256
8fa8e79ff1a7c8ae146535915840a067661ad558acc9ab1c49db06e2920b33f6

SHA512
61f4b45ae5f1b81add48f765415148d9ed3a003f4bed8839233a9bdb0cd07f94989133590ff470edd1f97401ffe9c38c41e83feca71740b119e32d05104bbeb2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
583B

MD5
4cfb420d3d4c6e7e53e028150035fb2b

SHA1
49f107254415729aa18d2fa5d1451ea4603ffc9d

SHA256
691fc516df8e7d41120e0a342ef5f3b993067c3820a77c76781f94f3935df7a5

SHA512
9b316e959c3d7beab1cf5830c0f621bbd0c2998fc5cf1fe6f048cbda186ac4aef2b27f7bbed5a79768b72b888336b549bd1bd2c8a21bdbe2705c9344a1302bfe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
40d624f62859bc8d1240bfa32508537c

SHA1
2708ae3a8dc636c099fff7c202d41de6a47df0df

SHA256
4cc0dab0d9eff8a618351ec0509bb1f13f2e337e493ffbf8c2a54f9ef4545713

SHA512
82725f3c6873a00487db2b0fc1b1d92d65d1f79b124877de998ab887da9058eebdb7a3c065074a713f03b07f620a8fd58d2983f6015b4cbc4a57dd6669f50ea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0f988445efc11e28864ea5bf8117e9d3

SHA1
8dc533fdd7b26257913dcf391772378ad1d21ac5

SHA256
8de23379c3c3a2338d4811f8e9cfcf9435fa7081295cc3e9f33aa813a0b4318d

SHA512
39478275add4779602cbd53ba3cac914b79d66940358fb6a816435c0966beab17709dfdddaf18d05b8c7c5530f39f0033cd22750d6c179e99efb34995e401982

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
97392de6895a6392ed191ad6e6d88c3c

SHA1
ec2d665416945ad444c88f495c86f2b9ac325126

SHA256
a6516bc24380164a34d5995c927421a09477ff90bed67590fe3202e27e941a1c

SHA512
3d6cc69b923e87477f9529e1964ce411eddc263cb5fdcf81cf238a22f8c5908ca4c5828b3383a93236b37c8650d04a51b267f3a888595e49a6bebf1fcd3e44f2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4ffdf135ae0119c8de4e17348ff59cb9

SHA1
1c0e481e80d8f3e19bba60db9b4e5598f5642dbc

SHA256
1fab5e3908f9977ac4d4e348248619cd0b45ee3f29cac2fac141492317bbf03a

SHA512
098bc552e8d8b530cbe02268ced19de5a7eca9701112d6a0de4800317f1a9c53d623badea293678dd1fdeabb978350c9ab00e14a8cc416f392ccdd67d4d80764

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d6c02ea695b4b5aea3af75608a9f8c78

SHA1
972386870fdfb55aa13e3c5c2b4c22f26054313f

SHA256
3839162e8345a308d8b1420b3406c4ea953b5049b8aab415494e49140a50ba62

SHA512
8a20d4598ebb86b25ec006fb70779208115acab94814257515323a8f6731f81a4dea69dc95325d480466a411a9833cb22e6ba1fcdd0bcf018d3596ed89115c3d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
855B

MD5
81024bb6fc0f57842a0d99399d76c5e8

SHA1
6b5532853b04ef5f524b8118c8e34cd476d077b3

SHA256
044d09a13821d3b55f5051d07a143fd95e40e63863071dcc4e59b66243075099

SHA512
c1c3aca84edc83c63d4f3aeabc170dbf7e8b20a3b98cf6976f748a6f4217037a9b6534b75e37d58974da1471929685c944d25d4faaafb290b7adaaac568d6026

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
854B

MD5
9140eca98fbb813a3bc51952fa57821c

SHA1
27e4981f1d0d0a55d9a25cd0388fdb53b2135c24

SHA256
09d8c268eb311b3d786001b6384382e6d532cb84baa52fb0da5b504d60772ad3

SHA512
1a65892a4f8e3eb976c3892dc79c9ff2cafe2fc4ed79e1a13dcdb190a800bedf02451f626687d78d7ffcd56370cdc65f1174d54b2d3a30cf59f09f6a42ef6ba6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe5a3402.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6b1c0db72d94d45091a8dddb961509a

SHA1
8f5fa7848ef237a45bcddc32a7624a1ef30b7926

SHA256
09363d73033cf95a3986d6d5dce443a777cb76d0253b3a03f2d84f1d84e407d6

SHA512
d991d5eab49cce23aee0d14752d367e05aeac8b937217284323d736b48268a4fc741a2309b755a1dfd6553132e764d63edba4d8e0d6e4862a882cb9340ce903c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bd102e6b76c0d704328a1105b89ca3a2

SHA1
4dd311d30238d38f7015292234e8477fb4cdd5ac

SHA256
c24ec5e708a1dbdc1d2d2ab4f0e0508907f72431070550df15766f0eb5cd1fce

SHA512
3a09ef448f3649eaf326f2d93c12878c52b3ae01252caa7fe95abaadd5833ad525b2beb7569c945f4285a065c9d6bf638b99cc1b825eedcc42fa38cf6994e211

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23bf77477ebea684790ec5499ff4fc9a

SHA1
adb7242026115c269389f99928467540d538fed1

SHA256
b9cc3330000d1129e5265dd8415400f767e54588cac99592cc49d1767aea765d

SHA512
276f469ca4dc32d96306b0b5637f5bb7196d87d5d4e655fed76dc457974cdc2a2da5aad728b0992fb17f67af9a2215bc40e56ce9f836c95b1a276a2cc4ecd17b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
368bf0d5908de86cca1d2bd95ca88f8b

SHA1
f7590ac00dfa2074dc8bbfd1633d04360d499d76

SHA256
87f85519f2a2d584a4df24000e07e2f24c8e70be7f4165487213a1339da5c758

SHA512
78b119d056aab86d8b69ab91ad8865abeadbc2209826f7abaa43aa072a5eb992b4b3eb4bb670b45dacccd8f8a2f1b82b23bb320ea3915b7c283a2bae62b002f4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
722650f9afff3920b5659fb2fc0af6b5

SHA1
86385416820cd4e7532bc58cadee9a9e5e409226

SHA256
13df00b9cf514b30e6fce8d2938c2450389fe7958b46c5c8f4cfdb227ba8b0f1

SHA512
d1ae9f2dd6a652b06a4eaeaf66b03a80f92f5c0d6109cf66632369fff6df2552b77c759c69ede63d77924fbb81e67021790551a7285f8b6a8a9826cc051c7258

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d45b157a9e3943e8a4c1587bdf75f185

SHA1
04482690c9d0d2da2a3813188ce6a6f5f7025086

SHA256
03155783bf9862741cd7896f43ba170f07905efbca4e9ff3564088f5e4a83d1b

SHA512
24b6f4ec4c469fde124c32078ef5a2d5de631629202b3cc27ff6ae14b848d403b2f5359bf85f6185a7fdbeb78d29537b5656912a8f640d324380775af92f0469

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
07e1597dc4a126fdbaca111df739e51b

SHA1
ae5dd64a222cf89fa97668ed19998327521980ef

SHA256
d83436e77989540fe31d10d0f29a8df5fefb095016dfb5d431e95ab6ff373588

SHA512
7e7686a942f097b5a9c3a2d8d68e4153d2157f14762c7fa91253cf7e1cd6d042c5067dcbc7ef80e16906b08b6bf3c51c1223a99dde147288801774073972cb4b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb758e8702746cb0995bdc0fd8afdf49

SHA1
93a9da54d10880114306760c93ccbf1a64c4eadf

SHA256
c4da75ed95ea17e793ebd16acf0b9d7e4f9297346c3bbb379715f1d4589195b6

SHA512
ed53984b129b630e1f5a8a169979f3cfc87ce0acb7d0e0d3536fc97133d06ee53f1deb3b968c2de8e4e9cf43facf620392e616830ba881d480b0e89c81acbdce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a42ebc2817c0ab808f61bab505b66c8

SHA1
f5652a90b2364233892541aec87f18a6bc26472c

SHA256
7d890db8b4d50e7c6c43a79792cce4fd11ea3a29690a04bf3a485aa0e106a569

SHA512
ea15e5c8d8520af8a7ed3f99e4348d2bde1d301e90154647af701c2545c2c7369152785e4aacaa66e6566256c9b145ef870f1e863fadb9c6e04eb5f69dd3c791

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b787a32594922b413af0b53f966fe41

SHA1
ec616764245cc087368a6ec91f61414a6a040bff

SHA256
b0d876601a32524e9a24a5207af45f95f71768aa91f3a31441ad67c3d7fc0c65

SHA512
0a2e8c54b2a503f0316fb2d2350802ae61979da1c6d3d4829656240e79dec302053213294ff5b37c3fc4a060c36d3b43ff31a7d2d1432fb803cd62c5d0047c9a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61fdeaf73450e5a376980bd9efaea032

SHA1
4217a4dd1890566e6a9a5da7f37378a164adbefa

SHA256
a855e86bc5d7448c071bac70f161df74b808aa1bdf7327404fcbedc4e762c2e8

SHA512
b22afeda1f288c7c3a1d431b6d1d06f233ad678390fc7612bb5bb6eedadd92cfec4ddb31dc41a640a1118bdcbd3226d2a6f8f3a8a2c9eb0de5ab0e8b865395bb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec54159875785f9a2fe9c1a35e05aa74

SHA1
f3d305ac06962781130861189c69a1375b639d24

SHA256
38e856a2c7b48a071867738b6a31d211339e12505cba0dc83f0b9fc80a1114a1

SHA512
a58dce31a2806ef02078250961f2f0271c500867a3ca4b30b7ad9cf3e5c2c7004d8e60c4ad57fb8ffc9069cdf188b1ff6233204d481992b59a0b325d4241bcfa

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
da96d07187bd0dedefb795178d0d7967

SHA1
ed9462befbfcba9bf79c0a5342390b7f78724a87

SHA256
7fa02f53fb68a4d5f49895c53dcaeb8a7a5b0f2e08a6c5b5e6135a3d985b3a1f

SHA512
dc472db74dd33f66e714e8d94c84dd57f13d0a1f33acd109cd749e4db207313146e994e3598105218b16fe28ad1d08d2284bca72c2e344c28e01cf9ce0e324b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c012e7cf767ef33c3cf684927b8128d

SHA1
400acfe4de8d30c2e0096f0a916def96a852f3da

SHA256
588278c79b3a2499d41191ab581f173dce537fa71700405d38902dc9e6279348

SHA512
59c57af85705742c559eceb17ad3af4b38e39f44f370e25c0ebebcb7fa54bd4eda9c3e552e11f24dd7b68c9dae00d62ac0c7916221587b008c5f0f922054e545

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0fefd9167a3c61822a17b86c74f6123

SHA1
ad9bdbb026ef8bc9e5ecde0329ba1b3e47b02035

SHA256
4a167201e25c32194e5cd0ef4b1227712ad670178cc008d534342962ef761062

SHA512
f98ae1907f1af8f6ce88bb93ad75f3836d127ca64c7f7ecaf040208230226b44b316dfa147301ce880b6945bece608f4a3319813ddf17913571df9dcc4b362c9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe5b2874.TMP

Filesize
188B

MD5
c0b3f8afb9a006b06d773f52dc292362

SHA1
7ac2019718f3ae572dac58e2de94b4466b77a009

SHA256
010f09a963dc469c42033d22f6302e0a3ecb3587abe3f8d45d4dbc948990410b

SHA512
29146ed81c960f4fa1f516d5afc2660dfe165440de85b2b99c682a6f950279a31abae0219f7e0d671adde90613357047694d949e759e2232775291c0decbdcc1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
18KB

MD5
6d42c7eaef5e1c469ad86be6d513ec6f

SHA1
19d703aba4dbe212d2262d65dbb4a302009e0751

SHA256
6ac8fcd98f32c0b895314cb6a53ac3a77a3bb8e8a0b62e184be9b9aed76cf733

SHA512
3fb84a8876e54620e3bbd433466977871719ee72c418dc18a0fa15fc0a85cdeb5065a855aec21477a2df0329dc89add17331d217bbf0fd450a13ce37683cdbea

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
19KB

MD5
01d11d0a3ccdc7efab6d1a352817ac94

SHA1
e78efa08b934d87a8fa47f78c84b76ec5269c0d6

SHA256
2885c5e6a8dfb88a1ce595925c4ae48189373c56688666eb292e55a2c6fb9e4e

SHA512
480d6cbe901d933739344d4be30c8bf6560804e68fa386997dd73d9889623ad645b550b07bc496f483fe48a9a9327032fea86351dfdb909ca88bec856c11bb65

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
19KB

MD5
7cca7c407272eb5580d8ad9470ceb20f

SHA1
c11248d71fd7a42e1d9c590b5baa8f5dac479d62

SHA256
22c02a1e64bb616eb35bb40a915f3b93e316b780f76db40782e93e692eda0272

SHA512
10bbd09a76a9830a9ebc9196b7ba0f59dd302763a30854c51e61da24d5be219d02c9f932fd9f711fcd72f7b76544414c47ce74b045d922d9adaab5124cc1337e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
17KB

MD5
966763b726029073d55059318d2bc366

SHA1
2021b8a742c61974444ab9ffc62d9915eadb1e98

SHA256
acdf8e1bc5de9f53c7777d6084f66cc955a2032166c0ce6ebde495a0960d5406

SHA512
b977957423938ee27ce8b21154a2358ac49c9c04e4ec62a1f25877834e092dbccd491f15d3b5d111e7a622480c1c258dcffa756100534ee3534df5db9a6a0230

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
d207b63a79484db68ace25754a49b511

SHA1
2a840cee0b0cb87de9c2551a60be57ef0380e4ff

SHA256
b4c0592292be2f05275f7900c23720adddbb5604cda6d05f4206ab9937f19662

SHA512
c9b3b7829cfc105591cd07cb95e46b66265b08f995f7bc1a9a063dbd2b03c425bf826564728ed39a90855bb8e0e35fb94d596fe41924f5b4493d97a5a97c7223

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
17KB

MD5
ed26b114b16ad695a1b6a1a0a9cdced4

SHA1
3354d1f0160a8ea9e7fc8565094f9da389f35b2c

SHA256
71f989c7b16956341067d72ecd3b4ef5b9cc11ed98028a322207e7315a4d9760

SHA512
2201da9723d6aa7ca2bfd6a38eb9d08edbfe382ddd1331be75f479a6de340388c931ecd0d5d79dd31349426f9f7e6665c109169bd8e5c2473083137fa2352cd3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe59355e.TMP

Filesize
2KB

MD5
f12e8d087eeb4956a0dc1db85e04b32d

SHA1
a8e2aa5e90e511f3abe094beeb31f8558708104a

SHA256
a289ef2cde7eee8e6a66f9b213223c5e55f44a8eb5ea5b0fff41c0a34b50772a

SHA512
63914fd50f305ed0e36b4ddd4250deab99e13a4098efbaa2c47491fc5549f6f59635fe00efb145154a2d184f66c0105ecc1cdb1b2dcefca37254c8990a1ff6ae

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences

Filesize
7KB

MD5
d16c43d1fe9bd7e30d45aea89ab48c46

SHA1
80acebe60e7a4545c9df1cfcfe0d95556af373a1

SHA256
a84fe6ffc9461f3ffb9799cb972bb2d68287a6f58ee79634b90fec38915fbbd6

SHA512
7c4ad6da8ab87d23725398dcfa668f5b728d01fe9f0c1bcd5111d47aebf238f70ca134a5c4b9bcedd562025b469d5fe1dbb248a87d601661d2fbe810678f3dc0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences

Filesize
7KB

MD5
aa6e8af3ac8fda84923f83d5cd39a138

SHA1
12af753ab8160a14ca932142b8cc27c90859c9d0

SHA256
c3690380861adfe2eeb5f33773898e2268b21b332bffa8c832001feb5853a869

SHA512
ab92076a0edeffebd674d0e79563009360562860d636bb0d98290631d21b273fa2d99e5a64b7171253fcf284dc826e819b9f2b78c817419d69dc0104af21464c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\492718095f602324b357e60917636efa746ae235\460bbba9-a2a2-40ae-8015-de02ba187904\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\492718095f602324b357e60917636efa746ae235\460bbba9-a2a2-40ae-8015-de02ba187904\index-dir\the-real-index

Filesize
72B

MD5
828510c94ab35ef1cf6b0f82fd2b7488

SHA1
527506af56bd48e82c28eee7333172a86de09145

SHA256
e8edd01589930a2c6126a354035511152d70bff97ad3b86687571d854525e810

SHA512
ee2dbd33e9cbbef2d11000e95609f1855ea3e144c3eef104a0e583fa78afe22aa2892b9591d064512e229bc5256eeb419d0805bcabc050416e650b4a0dac5fdc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\492718095f602324b357e60917636efa746ae235\460bbba9-a2a2-40ae-8015-de02ba187904\index-dir\the-real-index~RFe5e6dfa.TMP

Filesize
48B

MD5
5a7cf25c6f6916cfeab1ccbd3cc6e9d6

SHA1
1fc9f5403c3481043e891a930b7a1c34e68b597a

SHA256
7c0ed299979d2b76af7be1e7d6d528ba6d760afa59d8af966dd5a75bd296e494

SHA512
8306b151b04dd8aeb027616e739ac8c000a819358965cf957a5599fbbc5a4f316507ddf5a42c967c804b1c0ffaeaac8283da9987c871e101c616a98c2c6768f0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\492718095f602324b357e60917636efa746ae235\index.txt

Filesize
122B

MD5
92d1ef771480c5727761bae268181b4d

SHA1
d858d89061db0358ca7a0576c099f4a19c5d38f0

SHA256
14240dfbd214a6a3941a82909c88929fcb635d2d5ae15d9a2d69d1e115e29333

SHA512
3744dc5fd0427eb8ec1d822252d5f056f925528940383807c51ede5df6f361ebbae83230573994ba4adadbbd15767f7617bdc679586ba608d3054c9fe0a77219

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\492718095f602324b357e60917636efa746ae235\index.txt~RFe5e6e29.TMP

Filesize
128B

MD5
c5b9e38382e73d72f4a01e5348cd6846

SHA1
04c94ff5c888db34f44301c6ea1ada4c7eeed604

SHA256
e0926c3100125877849b00eb9214b951575f59db150b65ffc4877f7a54297f16

SHA512
81d1405aacbf3cdfd587f0c575774ee037451f4918609333035a489fa189180fded50fcd192fb596d4dad64705f70679f9c3f0c790be64509dde3c94291af4d7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
4d799349058cd0c947d595c54aa88fe6

SHA1
bd227c2c27cb55ae9aacba19ed35692bc263587c

SHA256
4f8848a95a4cbca7cc1080bb059c1fd4e933d43a7bdb2b1ed122108c93e59f1d

SHA512
ccc69aa6644f6cde990cac62e17a9a7843026724d6eb876775fa2bf5b624335b1a0f4eacd8421152f76f1a47ffc323841aaa6c9d902702c79a44d9ca9de146b3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e6d1f.TMP

Filesize
48B

MD5
5b04820bf46257a50c61fbb0da1f9998

SHA1
d4d90c3979185b56208f9dad3fa67982676d4bfe

SHA256
9c9cdcfc797cc916cb9be4eee2dbdfe0614ebca2a4e465cc347dbfc4970ef1d1

SHA512
c1335db4625fd8d6a30b975a03e774f4dcf5a07f409739235e2fbbb194639e38e7aa30f187575f8361134a717795a90f5ff55e97cb317f24f37b31965037dd7f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\ba9bd02d-cb95-456e-90aa-b2652dbba567.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\e4149511-1ab2-4a80-a0b6-d20af9c978aa.tmp

Filesize
7KB

MD5
0041327337081c8185d68249b8eb6cae

SHA1
54150125c15b6187758955be747ce91dfed3d82a

SHA256
4a39bcfb06502a5a9318d7ffe3f8a23c1fccded7352de05452f6e7885c02329f

SHA512
105df0f351eb50fe298844f370f724a61fcd10ce5985270f4a3125c5e39f876ded8e5265124974f73ef761cb90e72f48a099d10e356156f965a5a8841d772343

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

Filesize
7KB

MD5
d28b6246cba1d78930d98b7b943d4fc0

SHA1
4936ebc7dbe0c2875046cac3a4dcaa35a7434740

SHA256
239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6

SHA512
b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
7KB

MD5
d9fa9ceb753d07a3d12ff79b10c05825

SHA1
0e4109e12e0206c11c986cbd077820b8287a8e83

SHA256
b468f0a6a4a40cf4d25ad503fcff631ab43385ab2484a8dc46f8f1c2897efcb9

SHA512
8449f76056a1e9f46f10b92d57cbc0a2a6401bd6d5043b71d8db813d8ccb2631e9c48026741a9843f3a93485ea041db35793335db3b59db72750d6acb67868ec

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
a2d6032bd237ce0fcf89652fd0528353

SHA1
85674bf504c3d74f9116f6840da9a5def7c70453

SHA256
0d0258b699367e22d7545bba8c3508c39dd8802b74b6c19b884cefacbbb91f54

SHA512
730b11e9a50c6766df23ee3d2a4138a204091b56aabe246ef2ed6f9042619bc090c4754d2d708486d4fc5e369b775fec17a28d713d1266c9ccb298659acbbf79

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
94KB

MD5
a72177000c5aed404104bcc532408e7b

SHA1
12b6cffd9485ac667caba50ea5399722fc993b7e

SHA256
e87f60f81252b854f9794dc8ef953d4008c25aceaabfdfd733a85c5006894bd0

SHA512
8507c9bc0800b9a2a454b19527c6e65b614717592ff36fa452fdd542d84fdb70b89f89fbfd81837d2a8f0324e9b318ffd5ba94c56dbaf6f223fbba53eb422d75

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
88KB

MD5
21cbac389936a3aaaa7714ebfbe3c7e9

SHA1
99b3e87172d88f67e243ad93874dee1b27e6c118

SHA256
35d30a051348441e36cdc8b84c78827c4e16f147d135a7486c95730e50cee3f6

SHA512
b09868dfb78b38a55ed62e8daa2bad176bc17f0623135a2da7901c86ba5afa8485c0c64bc26ee4f57613d04f6467946ca94d7c51681d1c4b5d6f2dd7b4327f74

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
82e074bff80e2b90906e6833c68c7fb8

SHA1
417cd6f98c1b1873c45c45b2237bae3006fe2f11

SHA256
e3aee8eec7bc7f87c7cfba7d4848b7b0afd428f43944deb1efe902fdb29c72b4

SHA512
81880dfa959d6ce1f6a219de86ccdeac539a95200743b59f2ad1246e508c42f1f43d2bcd6fdceaf7d8b03f793b7f73756272df1ae67e514a4e21309e99b28688

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
95KB

MD5
a677778ac70c6a63693ae595351b12a9

SHA1
c1ce9c5f6fc4fb65b097d7fac24845dc620a6fde

SHA256
516a7138a8d356f86fb5fd8093fc705566183c178f77d39a744e249de8e69726

SHA512
7f5f4bda0d098a9b86d011e33682de348e2987fb22adfb63dad589280ad1937fe98fa15d8472bea5642394819a5b5abc40b352d1f4c08499569b05153b9bd09e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
94KB

MD5
7e3c0eb8a49c8e15a573837e82ef08e4

SHA1
01d6271645d809523c58c9ed1b0f5c706c77cf27

SHA256
62c486ae189c34ad0cb0cbaf12a71bf5151925d2266f837dd451a1544286e2b7

SHA512
0d036091b8a631d0aa7605e0ab92709937a777aa470d52dcad8d3bd269bf19e46e819e031c6a935395968f820cf70d7afd7e5a47ed8a2e0294b3cedb90e66085

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
89baa6b170925ef73688791d1055cd1b

SHA1
41e3a5b0536047e303b97fdb8f92beca95d76399

SHA256
18dd42562c4adf0cf1728646d0a78298ce2f6fb695a33cc5d1c6099eea7d8e38

SHA512
eaa558e449fd4916e2c9ab33fd4ee7e82f6c960703c8a61f1ae2f9c60a6a16bbc9f3bf2e521c93f022b5634b7f000e57377afe529573a3bc1b4c2de17f5e71d7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
9464957e867b7bbe1256820333706635

SHA1
d7f7bd86189f3648feecd74ec2cf530045c76a52

SHA256
aa189163976f1062b04d97d7473bb9f13fa3019dcaf2f9892e7724c95fc6c4a9

SHA512
89f276c59a14666cf83aa38063d8478ea50497f5c7d110f46403ba6b399a354bf8c7d98be61f46aedb1659bc6790c5257150136ea96aec8c882e93edc302e095

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
95KB

MD5
c6b024fbd5399936ab7034cee63cae27

SHA1
f9c1cead8958343c2b403d1b786d637d215a20a2

SHA256
7afee924100d12c4aaa20b7d8e98306ebd88dae4adb8d02025192d2177920722

SHA512
0f601ba79d5f408a66955d107c2b4dd32f82b26304f7a4dbae500a2b6299ab0717a6cab362029e92b5d9d1f1aef13c04a753e3ba945efc3a0836647ef6022b4d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
87KB

MD5
69caca5424883db4f349e9f4ec17a77f

SHA1
f082ad462ef6052b8048b6821e45e40b47a8fe81

SHA256
9e1216e38099012b3d21850e94e1e5585900e0c6f68f809fb4efa7ffe90b0e58

SHA512
418dd6439312142984e982fdbdb234d79bef15e966ef861f951bd0e8217f07bb2ec84444f5f75f22c2723264e256c928499a9546db05b6a5d773cd20885e8993

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
48KB

MD5
c91bd163a39dcded49fcf8d405c46cf5

SHA1
0343df38294ab4f8f4ba5d2c962d79dab80727bb

SHA256
45b8b665661a0932261bf58b9282a37ae0316822a939ac9190ece897a786c07a

SHA512
47a7626351068fdb5fd3b4e8574bc3c0996d36dbbbb37a912d2bc9edd1e2dba3e0da81359f9267b20b351150d0804d6f129787ad80ce6ac7dace2aafd7928ee5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
93KB

MD5
6e0c740068b6ed733dfae270876c328a

SHA1
14ba03d1f57622502ba2d20c5e32d6a9666bb4e1

SHA256
eaf3c3f1d47a68abd7d646357a0c75cb010b5d91e36f61d823df0263b904cbe6

SHA512
28e8dd1a8eaba6f0e369abd4d39f57aec6d2c212173a9953b1407c1669c2a2b717caa93e0577b644d2bf68910c3f5ef795e4fdb7ef69d650ad5ad6338cd71a5f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
92KB

MD5
b32d99f80685cd923080915d92adf8a5

SHA1
733985d7db34abff4f9a7f2c0cb9423d5f7dfc7b

SHA256
085f5e984b59b7d450760c5235c2e440b3b11d91cbb7df1554e1c38dce433b11

SHA512
424e8a6b8a18384b165b87abe8844d2a88a4240dd699e86bc64830c6fffe0927b906305cf9d7141b196fbe10d6bc6227fa82b229b0bb1ccfacd72882232f32ca

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
80KB

MD5
8eb94e25fd09dc0d8aa2dc4cdc55d6f6

SHA1
89751f5c98457285ebcc3d7cdbb2d9477e65873e

SHA256
980cfa751513b6260a172fc9524dbc7265349df41d96a41b9a08a28185c031a6

SHA512
0c97ee4008bfd969698a48af0997d8f3845ed2f4634fb6e7c5989fd250c7863e1fd6d271cdeab259090f8c916daebae05f976dd82355bbfb648a9cd476c5e035

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
82KB

MD5
cbe0341bc5d57c8b4f2b3ca64d462d24

SHA1
a72f859d9cbc687de99744bb20342de0a6937689

SHA256
5c009551aa56a38fded93832b6e258a9bb023cc36b758f6fc416e94b5d423ca5

SHA512
c2b39afa0c172e1bc887edf17b4b401e7e6640752aeae02dc592f4c7a57625e03a85e3b712cdcbc002b639dfe10db9a55788297a95f405a1bc050e77e3a26d83

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
0f079823e1b20a1cff0aa2a16888bd4e

SHA1
5a20ed4a476ee26917415dfc5ecd0c456167db2c

SHA256
18cc3fe5fa3b25d5bd7c4fd24e807b8460b4b9105d88acc0d0611d9076e67737

SHA512
5e8d4ae31af182ffd1e6b78fa3e41af52cd42676f59212ef1019c704d28903c1d1f124093bb1a06df3c608f4ff716ba3eb263c32b9c3457705445799971e1e18

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
87KB

MD5
67aa92dc4c29a24f778d762857060521

SHA1
5b6601fe8c30915555dfc94a23506c55e659c343

SHA256
8a54ae6b20e4f32f3d22b3d463caacedeb68d0f94e1471d2e4f910532f2450fa

SHA512
5f054fd1b2de70bef17cbfaf0261e4d7da16167a78cb91ff8c9067a4117af61c4c11c875c8d4694264f4740af71e8d83415ff36215d062f3b0d79070b74948b1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
76KB

MD5
84bf9ec2dafd0f790d883c52ef0bb99c

SHA1
b6128b0558b88cd293130260f3339e09992eeee4

SHA256
8f3562f2ae7394b2dc9a1337d3c06880145894ce79dda73983036846815cfde9

SHA512
8f87cce3db6e2ed4bff798b4100762975488cc3ac6f1923a80e4cfd4bc4c4f46c073dbc77870479174046bd46232ef8fd6d60ab0915c18b5119fee1bfcece850

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
73KB

MD5
31ca2342a32b960e40bb1ab7f085a11b

SHA1
ec7517e18205f2c4e2e84891c98a940c7df4a135

SHA256
4e1556f0c6488231f2df641158cd2b28911ad1b8e5be88236bab95397319618a

SHA512
ee50d332f71cdc5fc8213e6b1b2f0ba3739a666626e681bc327b8bdc405cc86645e6654518423e61d60c4758639a072ff53bb4b0baf3b71ede15686db6e3afac

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
73KB

MD5
f9a05227c58c2501e9fcfc82019d962b

SHA1
c631badf8cfe1f19fb1807d6827c6c7b2908ce9f

SHA256
6ea48a6a04e57739226484015f2648aba6143ad6e5ddbf78a849166e120ae9cf

SHA512
a4f11a338eeff4f2c1cb0b131807513dd9867ff2da5ca75fb7797030b6a3a086b09d94ee9527ea10db1df7682fd5d2b20f517b3cbe4db4342bfa8acf8662ab9b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
94KB

MD5
6eb1eb015e02bbbf574731a4145fb7d7

SHA1
43af72d623f68a9c837ce2b016b1356c29312602

SHA256
be2b59eae769b298b3268d41e068bd71e33bb9f08446d3014cc63e89d41d7996

SHA512
b9f1c60147c29df22c475dac5ff23063c53142dc0de8ef42dc821d51d3246a129a4a4a132ffa9771d66bb66419921d3bb0b57d7fa459bff8f1cda96eb261d3ec

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
88KB

MD5
44f2c881c6a63874a8b7370976adc561

SHA1
64680a766fa3d63ac22ee167a57be03cd7bb1648

SHA256
cbf064eb7799ba39d78bfc10e57d530402acdd7a4b4699fd1f8bf7e0df663e4a

SHA512
e1f618ca6a14171ca851ed876578e3c8071f87aa0367ef00cb51027fbcfe7b6f2d49daf4dcea02b2649c5cc611e000a5cdbc6967e64c1394685348b84f3e7d66

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
79KB

MD5
18564683cd23422b8957ba998626ef6c

SHA1
b2b03daffa04d6d4075a0be892aebd94c1fe895f

SHA256
f0038579b333fd34d43d40cb11ff40a94836a5a56b559d08fa1eee0850d31a54

SHA512
4521a4b0dfbfec0c8d21030683becebb6e8ae1b397c2c6db881c1cc2e55ebce04a05487a142113593995f7ea0380ae6abad2472796bd0af21a9ed07a1f28d52d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
93KB

MD5
94b608446c40c9f62bc5da11cc75210e

SHA1
183a1d1b18e9e72ac5399e27963724ef93a9ed78

SHA256
13e188b69804b58bc809ca7d9b9c27c10e22bb6eaa597082d5f3fb1674211e65

SHA512
7082013b0cc2c3f41fead51c24f90c35445575be36f29724f4883eff95a2a7a6952b04b338d454c9d213833b6ce2cf1fb6e530e4f49ffb280d41188962c140fe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
49KB

MD5
6e21faca9d4ac5ae19ed703cba5604e8

SHA1
dc9f4f464e7ef79fe042e49e17ff5dc995de1a0a

SHA256
54ec911cad87bfcab787784f8f1181d5a5f34f5d7e0d6fb98d6201b9b7c0d2e9

SHA512
cfc7de87bdd6e3f82677281d96e5a435562fcd14c966dfb292f412674b691af7c127eb92eef5a5b782e246838c0ca46174d705b8c15976e9dafb1110546d09ce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
44ce6bdd6b4250692de955489c387253

SHA1
669b2c1d52509f079c1d44c52fa05791df21b0fb

SHA256
398e9ae8adcf4b8b04a6812fc79193fbc0c12b327b407bb2558b29ce56879107

SHA512
82c979aa9d031a8ed9bbf0c1c55bc18a45b5a7182260cf53672396944dc76760d3662f685c8d8ba3ce984ba5dc0be855735c647ff8662ec3798cf0c98e2d5990

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
48KB

MD5
6b0c2d89db0caa4b111f2afa09a77ed2

SHA1
74154efa33f5cee2df8a6b6130eb0fa37b3a9325

SHA256
225102b42cab24ef441511ae3020797e128c0f87519b39307d8062e9740701cc

SHA512
c46d7cf053de1bbba79c588945d52659df534a843a03026d22660ff83dc79c82dbcf87fd46373376ea0349a9250375197adeaca3b867836a0a973c52bfe29780

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
6a62c6dabbe90514a85dc13c87b1505c

SHA1
0e467dbd08c00d717819a0ab7aac021f0f5134fd

SHA256
0ed1d686c6dd1c671c272ac105dfb3dbd71ab415a0feaf5c5cfd9232a995ea18

SHA512
12a0ef7e1a41b5a15989d1448a15a887d44273c0b578e9b16cacc366b3dac2d2f40c99d2b5364f03c086c017478aabf2cc6a792e7d92375dd54c9e63ac7f8e82

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
91KB

MD5
e406e1209f4e8308c97230eae7b4cd3f

SHA1
b4bcf27cb91588eabbae9f84d9dc475c4ac45b15

SHA256
eea121cc4f0bf373beca84dd46bdf639197bcd433844c9f12590f958a50e3c9b

SHA512
a3c90089ffbb60d75181e56d7e9253a1af94dea05aa8d52bb738f8bb1c390add51b267224c42e69ff06d44c1d74dc1fa4249d4c431ab6e8f9378ea9644eb9128

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
90KB

MD5
33aa3520c1aa284e458f9c3cdfcd64f1

SHA1
c174af7d0685d1776172bda8e6d4557b34e3554a

SHA256
c1b30e73461b6bfdbc989d216a5c17e79004b59af8caa8e5bf63315f55b74499

SHA512
9f92ddede603403aa5a5c3461fb5361ed5016671a96a13686a06374f592332dad2590671853075618a1cf84b65a61a6146aa1cef0cd6e7003cde5983f37fa3e3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe590e10.TMP

Filesize
6KB

MD5
2fa9e5a8d79c2df2518382494fde9375

SHA1
07a883bc629044b1eb2f0ca5652c441fe6b57efd

SHA256
ba5d0d4f662189b17192a86675887e24a072a20837b31feb9067d2d0d83e5384

SHA512
3ad68619ba9579e1edcb1dc90e088c05adb576b616bfc7fa1fef53c36c81f837c637babe66eeb659c844e6d619e01e3ad8ddf36105e198bbb42e834ae345dcde

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1199\crs.pb

Filesize
141KB

MD5
57086b02f74c3fe7b79a5e2e3d852322

SHA1
6420387225ddcd5210175de4f3fdb0ab2be8ee9c

SHA256
a1b5be8d4aab349aff58ed34e1f3bc6647cf440830da0a12a8bd5a1c976c6407

SHA512
b195eb9a9129863e75be603b00b85ecfe46360910529fb38513af6940f9d17efd56f234b47963452329cd85b16bebb5a85ab5d304743e57d33bafd5b59900468

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1199\ct_config.pb

Filesize
50KB

MD5
cd63031ae914f5c22119d4a21e3b5378

SHA1
9313fd3f4f1888143b98b377f8a8a2e7e26a97f4

SHA256
4a0783213e1da0a35912bf3417c3878fbecb2edec8bd8b5ff953e6e2d76e5c22

SHA512
c3d89c5885060375d53a6c1492d4a042c49af099782a49852affac30256960c026108cc3e8ab9ab2a38dcc20a6e2d32b3a1f0df99c780e5e37e7c66751b632ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1199\kp_pinslist.pb

Filesize
11KB

MD5
55945c9f5d5935ec15917834d70c2553

SHA1
7f8605098dcdbd2109e33a3a58811b7c389a01c7

SHA256
272987db2860736c99e0beb62133065242416221958a67f13aa0e4e20d23d410

SHA512
50b5216a256e2f762f80c0b6099a5b98bb83c8ac58838dbc579b01d388912ce1c17e64413a9284b9be8324334265d4d1a9264e92d2dba3090875ee3d89588012

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3058\safety_tips.pb

Filesize
163KB

MD5
9b8d5611372559bb0c5ec7a5d3f5096a

SHA1
98cb279b6e94e424faf9f6baa86a0c84140bd569

SHA256
9dece439a4472ee74f0a5e239172e6bdf9b05ce85a9f6eaf79598d0817eb6902

SHA512
da044c7790191df4354585aeeb31428300fcd1478191b2d8ca445f90d79c3c61967e777b6dd1e098f2fdbc06d236f819d74392fdf94bb164c1c152f2477195ab

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2025.1.20.1\metadata.pb

Filesize
33KB

MD5
0f83ea8aad2d94a32037e90f2812611d

SHA1
66a2879b881176df793c94f6833441fe153e5135

SHA256
628b2de57b5dde868a30e9c45ffc6ff35a820c93a90d3f4ff61a1ff5396eaf54

SHA512
e676aa774c099e43c00ecd42d2f10ae194910d9b694629abdba763aefc1d2c541cb1133ad3bf74df08fc6f8fb32b3f3047c07375977ee8d0f8bad9eddb7bc388

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.290\list.txt

Filesize
151KB

MD5
9e7546fe03e01da7ea2443e2a51419ae

SHA1
615ac4aa39bba0a0e495229e33fca333b5b308db

SHA256
8c92b2a97b894de01cf075214d12f2b1abedc5d20a0034c9efeb1be828df8486

SHA512
f6441d6b2ff91ed3e26ab4ebaf16a6a7a6eba2056950af0cf4a86490048f4c79faa0969b8893575236184d9dc6de536764dbb2b86775d7b71c58f99d06cf0d65

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1037\1\clean-urls-permissions.json

Filesize
268B

MD5
00acb0f14b6b6c11ce80107110ead798

SHA1
2a40b0217ddea6d507234f236d3889b46ee35baa

SHA256
2e666bd0d92b08bddac4487b184c5612dc408f21fe4f3fab78a7ce1b2fa3f8ca

SHA512
c3a53397be2fcf41702524cb42c8d2b49d4cbde4c5479c6d0d6e92152cd213dd7436d7729906d76ed003d64e806cdf66dda7f3ca8dd4b9f9efabe25ffb76c2cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1037\1\clean-urls.json

Filesize
18KB

MD5
dfdf637c43438bdb7a98ba5934897b6a

SHA1
f04a76ad7ee4da0faf9227e2dae6e79922d2298a

SHA256
093858e686c03fe755615e32f41a7266f4191cc40659f25644f281379833be26

SHA512
343742a5fe909722bf124115b7960dfaf88db73af11109ddd539e9a80706648e51f4a6bf9827d6ca4f45bdba0a6c58a5279af4925549a1197b2c6ef79ddb375e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1037\1\debounce.json

Filesize
11KB

MD5
89b3c77c6b79fdf5252be739d528ab23

SHA1
bef55bbd5fe8b4d92551618391da721c1dc5ba27

SHA256
066f3b4550e5f6ebe7bc9c4a17e7b64c26a144df206d87cdf1f981634a5a76c5

SHA512
e397d5dac9662ba5185cff7af34ff8b5ee3ba89a795aad18fc1bdef90cab9e45a78b523589b8edc1a0c3fc28fef10bfb84983e0f1df06a8149f33187914f6bbe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1037\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1037\1\webcompat-exceptions.json

Filesize
6KB

MD5
d729dd53ee2dd0c6f1bfe5bc1c57811c

SHA1
37ea1f351eebf4aef9b98be2df4531185c6c3bd2

SHA256
046280646179d16f5d92deadc1e2141728b77bdd5e4a94231c3ad22fdfd7a256

SHA512
16b3f915ac115cf11ef1d4555524550dafef1925e7251db09c8ee2fd7d0874312e1718d39a3d72821e0f31101e28b62013a07399ee376254fb36d9defd977934

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.10806\list.txt

Filesize
54KB

MD5
8cc473ebdf719e0d18fda6a47ac1c0cb

SHA1
8b7d9bbfefa6cb92c8f64669b4686f3a6d9cd666

SHA256
0f2d8e5a2da4b4155a234931357591da24cc9715ad36bb3aac3300eb523b4a65

SHA512
3f1e43c47ea384a774df1fb951117c69a2541a742028aa9e44a4d462ca065c15d2b66b852eb2ef5d09801d87f12932844a2472392d7ccad47c32e301f27ddf1d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.12042\list.txt

Filesize
1.3MB

MD5
43675d0b46aeabfbb6b7b532a27fedbc

SHA1
3aed1a80a6cd3677c81a51b86464f1e16b49712e

SHA256
495785973ab1d4f972d07b0353b09350cfe4b16ef56b57c29711bc113ea47224

SHA512
4763e715b8c9b2f05722cfd8e173a9e5c7608888a43c2655d74c07ed1fbeadcd3aa728272fb9cd60ee08a2b639ca1550582cb030a3bf11637c798e3f65cd2ef5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_be8af71b9ca03b332d95897e6517ee1dac14c2c3ec88732fe9d5807759fb6ee4

Filesize
51KB

MD5
c3417bff3e6f2c693d52d930d9b4900b

SHA1
144ed430e0251a1e014360144515734d4f9c669e

SHA256
be8af71b9ca03b332d95897e6517ee1dac14c2c3ec88732fe9d5807759fb6ee4

SHA512
4c8090f2bf57fcea3ca30d8069e79c1432f13ed427b855192bec28fae2097f6769cdc3b1927f7b4f7a722aa5291502b47c461adbe6010ac4d7945b389abc4ce3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_390a1975286e787bbbf477ee5ff0f422e79d94f69c8675c2b4d9e2e63937963c

Filesize
71KB

MD5
43491381a74ecf8ceaeca1528c32f38e

SHA1
d5ba7a01011be7b509bdb7a0e6217b26c286bc98

SHA256
390a1975286e787bbbf477ee5ff0f422e79d94f69c8675c2b4d9e2e63937963c

SHA512
d9b13a61f027381eb0b67b0c1662cda8d1e0b3d5b8d29c651d42083fe73ce91d1f8a76b26a25d749571e51ed8b9267c33d3b78b43e77ce988acc37b32614c4d6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_0b560a04e1bd40bfe6a7790a7687b7a06c008f9e04b926921a98f7f6f3554b08

Filesize
18KB

MD5
35d9d5451ba47dafb8ccfce0796a09ae

SHA1
43795c037141430a7dd50a312877b5dd7b9f314e

SHA256
0b560a04e1bd40bfe6a7790a7687b7a06c008f9e04b926921a98f7f6f3554b08

SHA512
4bbcef2c53dc3f3aea22c94627c9baa6731b23a2ac88390c703fe920d4efc5ecc66f7bd3f16dee3aaa44f4ef377b3c58ac722dcf4a6304349d19fd4f9ee63386

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_01e476964f8a2501b75d315ea52e66e8f441963ecd47942df012347091cacd2a

Filesize
407KB

MD5
d3d74da7fe83124b8fc7d7e36d8cf29d

SHA1
c78ea17bb6208f7af4d1f412ff2ed0349dd3556b

SHA256
01e476964f8a2501b75d315ea52e66e8f441963ecd47942df012347091cacd2a

SHA512
183e83a3ea10d6d5e3185f729e415e0364c39cc4d0207f1229df81e7bebe97d3e5e2042276c4b5a0190a1f603649af9115ff2cec7a606d501189e4208ab9ea52

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.1572bb60940ed846d688d7f93d3f30b56ab293c2a687a0e43c941e1be55865f8

Filesize
150KB

MD5
365e970a6c7485b2673912b6063aafa2

SHA1
5fc2d2fe8e4158115e4339a4590f5532cf47e176

SHA256
1572bb60940ed846d688d7f93d3f30b56ab293c2a687a0e43c941e1be55865f8

SHA512
ff73cd3c3edc1fdbc63aedce779705a42e0b1e8e3be12896773b6e1a442ba7a546f64b394cbbfa6dc99f4a2e50dba97acbcface570706766e253eba3d7c5ed9d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_dee44779ec863a5097d7499f2a6d35fb0827881e6738a06c32714f395f5ede83

Filesize
640KB

MD5
6efcabbb1e99fda31cd21e5ed717c995

SHA1
2940aeb602e6ee8d30928d4b3615fe4757090d03

SHA256
dee44779ec863a5097d7499f2a6d35fb0827881e6738a06c32714f395f5ede83

SHA512
8d9052b298835f609aa65c944fab8bf9eeef29e80ed975ad6012a63be3dd65be0679d9b3fdea53f81a05fcfcbe0d0f0ada71798d4de696e2c37aabda703778f9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

Filesize
10KB

MD5
81c39099b5a4e221569eeec0a746af7b

SHA1
0601105a54e905370e965cbf8cf78bd6d8e300c2

SHA256
3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

SHA512
42011c20c52733df0116c4661efdce06d8ec70dd38cfae2cad45e4b4eb7cb24ab4061e968e4d5766e4203b8c4caaf2b6727e55bdf78402157a19eca0f2e89140

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

Filesize
76KB

MD5
34f31f85a6b2a69a074939e4e231a047

SHA1
97f6d1a966baa94e686aef7fece23bbf099fb8c6

SHA256
9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

SHA512
20f4d9efe5450e1f02608d382c97bd4269298c87763a4abcf63a5fe0ba62dd0c391824964084cc011ed6cd7db99c19c9b6411b04d42539081f3737dc78a2f2ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.150e781f334f577018308f0c9956e228d21028d18c87aea1d51e00b430b28ef3

Filesize
577KB

MD5
8940c59a9c7db2231ec8c9a5059181b8

SHA1
42fc0f91dd949ef13d4a10274051091efb5916c9

SHA256
150e781f334f577018308f0c9956e228d21028d18c87aea1d51e00b430b28ef3

SHA512
c5e50d4dddf9453cd404271a041310c030cfcf6af889b0007c86e0b76e5c27b32b89ff3789db651882ebd48c134361c191829755c6eb291f1e3a6b398eb85a63

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

Filesize
17KB

MD5
a1b36d762732f9439efa78708a40dafb

SHA1
6533b78ae795077fa711c67347eabdc88b5a6c6b

SHA256
44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

SHA512
8dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_2910727e7e93c467696f786189ec787264e8db1d700c002720be9f5a371c8ab8

Filesize
1.6MB

MD5
22ce24aaa593871a8c6268cd51c8caab

SHA1
94a21777fbfa6fa990a759b74756c4d9b9ee9b76

SHA256
2910727e7e93c467696f786189ec787264e8db1d700c002720be9f5a371c8ab8

SHA512
c4ec8af268f5aa9c9d937c721c942b9ee6b65d2ae70a0db85a4b09ea9fb083d7f587d89abb436f69fc870a3f0104f556bf857869009ea4e567063291e318215e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.5e9c33c3cecffa169dd374490e00f08aa96c477dad798520409086c1efefbbbf

Filesize
9KB

MD5
e9491410e372d267698b483c159ec266

SHA1
1a4d807d74b963c637d965af753d00174c7620bc

SHA256
5e9c33c3cecffa169dd374490e00f08aa96c477dad798520409086c1efefbbbf

SHA512
b0e23e84364487a9755457e8f2160eea96def5c0af36bacc6a4fa8a306596800fd085e8a96fed5562d8bf6c367e1475c87d1e1e07c444b96d0f7d317861fb55c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.dd7633c0a3f938350e3d5777455ef21cc9a85acbf27316b4e295bf9888c515d9

Filesize
77KB

MD5
f6d763deb52065a1e989ba71294ec923

SHA1
e8b992cfd955d6047d0f49695431257a3efb9e92

SHA256
dd7633c0a3f938350e3d5777455ef21cc9a85acbf27316b4e295bf9888c515d9

SHA512
2f5e8e159d767d8777b460b6a7a51276bece5c5f655a4faabe267b2059c6472e1024fa13ab065a0a6094dab680370122454ad49612ed762590246c6194cf4be0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.dfddc50886ccee464d4fc01472513db1467df85e37ef600b19c1ccb8a1a4dcd9

Filesize
5.1MB

MD5
be3e537007af657edbb6f5cd2eb24e21

SHA1
2b59970327411f62c4b29d93f4a8582c928bfcfd

SHA256
dfddc50886ccee464d4fc01472513db1467df85e37ef600b19c1ccb8a1a4dcd9

SHA512
b79b69db8c7ec82cb74cd3c9e986e19f6a92450a85fb9c06ccb698377a502a3b010896ef5fc510af94dd4080171cf37d3eaf9e6b935c94960642bd571cdee2b9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1858\photo.json

Filesize
4KB

MD5
7b33f1bfa8af756afa4b54761296a493

SHA1
45b1223c0d6b473c3fc1bb6e66a365585ca0a2ca

SHA256
41f3cc7c4bbe462d01873ad537a692c8a88d090049435dbdd0d5477e96c62ca9

SHA512
3ba9fd6a479080b9ba3f8a5aa61c714375151d954d170bc5353da4633214b3c140a4b3247fe211e7ff8223a16bd10a23042551f26f0a77970866599dd50e01fe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.69\list_catalog.json

Filesize
76KB

MD5
d1d6a9d9cc2ada3f3bad8b0da607f4eb

SHA1
1d286de6436a8a28584744f022af73077ed64601

SHA256
f1a889c0f11e2642c299774f601b72b5cc51e86bb1fa7514cfa9f4fa1a9538ad

SHA512
4c43a10995b91d2791a8274813f005feab48d83078fb8b51f026266ff524ffbc53c41d507d801101a9a7f765453ab4b08398f4e743b6beb08036b72e40b82934

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\manifest.json

Filesize
552B

MD5
caaeb1d76bebae56fdc7cb19b9e8c857

SHA1
3c5f1f273ca4c3dc49a46ab83f9f5cb8a184cf65

SHA256
fcd74a3383a0cb1dc9cbc54b9afc4c441cc81e2ed545fc0fe97473fde8993cbc

SHA512
4869fb8935ce305ea63e51ffd7c3045769ff32aa6be326a14a80cbae72b04a1aa613615c77cb865a25c45d33cd3066a669fee88b8ef260f6165d611ab244b687

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.10233\list.txt

Filesize
5.6MB

MD5
30983f64e76b71dfe3d3502eae6b6fef

SHA1
3d00132550474b16bba0f76acc9fb0ead0e12982

SHA256
e6eda10e96f7c0d369f7495388fbe5116019a830630660df6702a6197f422777

SHA512
9ba09ef29d7814b76baeceebdc77fac769547a8c1f0859a4f1ee41fe9c110e2a28c6ceea3e2850560fa4b6f1fc1da00bb71cf6be77878644e917f8b8856394d2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json

Filesize
1.2MB

MD5
f7e232619fcd50a55c3df6ffbab0245f

SHA1
f26eff68192fa88acc08ed97979c258f8f534a33

SHA256
f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7

SHA512
bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
76025b9fb7201faad57e95ac873e37eb

SHA1
25c01eb7d9a63723eac365d764e96e45e953a5c1

SHA256
03bb8cf70d96e562ff19d80ef9a01f8255aaa1a6ffa2005dbc004bb718e05269

SHA512
6f5c8680823f3fc01c4668585518a1a535959ec456bca88f81eebe0484dc6cf6bbc40044db4ac7d18798529a20feca039bd986f243db817f27df220a7917a28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
181B

MD5
95554ba7f08e49a814dfc300f922e17f

SHA1
b8bdf85ecaaae73d973abae279140919d88f6355

SHA256
1bd778a766595f98f9e8decdb1a56f79bac10dd4d22e494b56f55aec17bc52e1

SHA512
05775295540323ef4f9bc75ec8eea10df3453c47002f31166514e308c71ed117dc8f6ae807fd3553df665d458f45c03a8394d1b2e33776611fa104ccea2af11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d29fe100f78d0930f566b494290ebbf9

SHA1
59bffa675a1badff72ab44bfce9ce1ae67c51dfb

SHA256
53ab2b8096a538e2c677ff6a952c52be76339ce435f13109670c2a2e2be99390

SHA512
8c45f604e1d66be9cb264fc6d951fb22874b6ff905fa08a4b3795eba661d2a1a593672be1c7912ab03fcf5ed81a0a24759777992fd169533a3c7fa5e1d4ef26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5fb106b6c4ee52568c61b0ef7db05f1d

SHA1
ec9194507255f6db407c36b7134abdbfb7c60731

SHA256
e2c4be9f346aed73a23ed77930176fb1c04b367a60354f5adca22e92458b8590

SHA512
41c0f9118a6d537792031dba4265548189d14ffaec1dcae3ef20f47bdc258471ba33952a25a6f218f056409b27892b7868ac54a877a515ca0e4fee30f15181ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
41KB

MD5
3bc2b6052ff1b9feff010ae9d919c002

SHA1
dd7da7b896641e71dca655640357522f8112c078

SHA256
483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

SHA512
0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
da81d90f472fa81bb1d7efec901c679f

SHA1
c3120d152791262ddb7e33055828056650b4d5d3

SHA256
dcf7686f038abba12e4be3aaa2b6bf26c054a86994c9469cd9b9da2c99d0d057

SHA512
5aeebc3bffcffd7cd4809c5e66c4996f444c312aa9b821b0f6760167be33f2a4d111b22f97464a9cef2b6210a791f8f6e7bf57a2ef91ecbcc8fe6ba56eedb9a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e096dcecb6b5f6aa01f956360924e63f

SHA1
1736d8b03bbfd9c6399c999a79fcff148b2cbf38

SHA256
f67322d20e7bc95fd0488f942436aa841a7b12fdf4988cd390dc9097940979aa

SHA512
9167b9c8a6a3ac6f825f423f4ef5d768f7aa220906536bedc95c67cdc3a0e3f053becbcb6c5c024ced26afbf4a817d83e2d7f28cde1b094f30bb5710aca45b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
75cee8933013d57adf26c6ac74649743

SHA1
5e6ebe3868378e39f4e99f6b14eb6159e91ed305

SHA256
4dfd86320c3fa8a041d3936b31cadda1a3ff14b422391557068ed3f9992f4fcc

SHA512
a8bb7bd838954eb7819027b9897712d852338e01aa1cfa1ae6a5d8f42d9b0e3f3fc84df153f9196945b4821bb65becf388231d72f4f70bfa1ef1b3a422e08b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c2c731f8715cacef0454a2b1c3565b4e

SHA1
c0da65b49849fbe33c88a55ed2486212fa715224

SHA256
52adef61db764b81c2a396e1a5fab8313ac4aecbd2ba13d9de40f9de044829a6

SHA512
61eaafd6cf458ff69f642327ea4a6e8e47b7a5c6596096b28d840ea5ddbb5213a9e1e38b92a02cbb690be8b44f4279842eddd217d18058409a23432ef012e5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
3c84d533bb791d28c1351627f4c30faf

SHA1
0350623b9da6037ef92e0f174e5b86e0ed85c7c3

SHA256
22d27c9bc27f8a0e9f97a747219cdf2b04c103427ab8bb53a0c5948efe20e325

SHA512
e8885a817c15723290f2f570efe8bc57b8062117df6dda9a2c64da8a3001f47fbc5d5c3497d1807970c7d6471a1ce33b968e48398e34a80953a5ecc522fd4f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
3d578876311ce5cbf0b67cd446d92bb5

SHA1
2b2eccc63fefc028e47d20c74daf967950582ee4

SHA256
607473229a140e2b0263dd746b4c2e336fb5acd717bf722224acf78e234be5d8

SHA512
ff1df89228edc0b7bce7046df0f19eb875cb2990bb5fcf1f0421e34ad5f00abd8ba23d213c45811d03a46da519d6f139951802d0be51718e751addee4c3f9e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
d423105bdcb9dca32657028f1fdfa6fd

SHA1
784a973e088070535bdb04e808ae20e9ac61479d

SHA256
98f99de75dc4d363242d3a3598c8a34d6175d0a7ebfda7592a9fc80ebd23ff3e

SHA512
79594abf1e7afc25875c99480e3dc1f4d234388b6e80e03fa78fd64911cc7eae46e47cd26dfd327bfdacae385f428bfb40b0424108fcd5d87fafef914fac15df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
52522d8799c4b06ecde5242e2eca5e5c

SHA1
fa6976bff9b2b90102344a9681bb8562734a7677

SHA256
ba75866c60821e7ba4b67b93e5410b15b6ed3b720c2f3434d04b32ef3914d0f1

SHA512
b225b3fdcca4387c723a7284759dd438805b3ee679a9a299079c5b99c188e043e0ca3cecb509971f3675fbfd7b3e3efabd69988ce9a01f6602b80ce226defe1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
f6e00fc624ea9185c8ae157d84362a3e

SHA1
dd7bbf589b9f7f2bc86a3ee268d581b33b8e714e

SHA256
1cd444388b5d86456faa0acd4795bd2bd57d8442b2a5a1506d6d03ca7c1a46d9

SHA512
37c4b28bbae89f22d103f0af2c67caea966a34b8ec1664ce032ac4f9bf2d66247e46a0282830dd35247f04079c3f03a02ed6791f81ccf8eb778dd4f398f48f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b299a435960ea98dfe758e0f44bf5d2f

SHA1
8005334b8d894ac49a772c1eb872019150ca3cc4

SHA256
100c8ac4dc98f930ee822d2226da063e52410058c5d00d6dca8baa21150d16ea

SHA512
d6d4b85f1927c0ad08fe54894f101d55859207853c1a7ab5504937efabdfdf7b12ea4649b44d558d87fa26ae0b5e5ad7b4f7f26aca68cbfcf10093bbd556f3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
01dbfadbfd39b4fbe4d00debef87a9df

SHA1
fe9ba4e4958ce86f434fbc4a371b8dc0b4015117

SHA256
e5733174ea04ac47bf2cc68de932c9368b1f1f5409be947d746d2b6fd0f01b51

SHA512
91d785171dab1816326fa3c59fd1c900c3038596600c49ae1dca8aa3daa707c5ce6ff81d28fbf3cabc45ada821f4602854f97b0e0e656ea6cc4e68a4ce1d5312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3d9916a97928ad65b758ac904e709398

SHA1
093dc576f7ff8d004d73faeab6c6976769816cf8

SHA256
01a6b583bd3910b5d7742873344bc1a523131341337d9a9ef4c867bcfeb049c2

SHA512
6421ce05baccc14abcb5dec54bbb14ecc3ca2b7ca5968823e96b4ff3d563130ffa1c3a8bbe303a28927b8578d1916a915cb525b46a8309303405bbe6675a3d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6b8fd082e37cdb0ea8eee081325bcab5

SHA1
056df65742a5937305d6895e15a1a79e956e5528

SHA256
0beba46463856fe1689718cf065b3ca18fc0e2db0d8f51c7b0e9097a7e547381

SHA512
3af8c4d18b767f7a8c0049324ab6ad556b73ab6cec82ae0b94b5cdaf90551488da54157b4e6590ac305b592da8adfc62fa82127ad5f03cc6437d86019aa3bf74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9ee8c6b73561f6efb245c58d4c726f37

SHA1
fdeace7dd23d435c1216dbf5522f269de84eff10

SHA256
55ccbdef7f1f4a9df03114303a0e942b6cc22110fb9edf48477b36c5f1c267df

SHA512
3dc975b64506c22f5b434e9de3d8694426b0e035c20c351068c55e29e1f89ad9885d7a2ab1b5f3b32c2e417d653c230596bb0553ce87f4fc2aaf11734dce17f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
099380aea95dd876e3403f98b6f87bcc

SHA1
8ac7c8c75364dd79908ed9ab0975c8b285aac45b

SHA256
cf7fc17a1687016cfe6e348dcba53b7b5bc65889b83a78aa43d2099369296d49

SHA512
a2b923f41d2c26c41873c5abc704ed3de8dd9e6ff5f8efce9073ca8cd077c6fae60d2718de7bcf150acf7029e557a518fa00a06b2e5406da8bec0356345079c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c04b1c7925f1ed6c58ec4624795ec702

SHA1
91044502fb17bfc03c0dc3c20473374977a6fdbc

SHA256
17d4787d6ecb5b486644fa8db04a96a3f268c606c07b786bb067b29d397795a5

SHA512
3c7114501b1880e467f3b254910e00ef505ba4e5b42f49457497b3fc6ad0bc39778b86b778915e7b539588de32a35291b419b47a4bfc2c9f2e950fa603515c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d06db77966ef2d6314b28eda35c1488d

SHA1
54f88fccc290f35c78ef39e4235f6cdcab6b749f

SHA256
c2c890015147f467aeae1ed2ad8f6efb665f8a3a4a46250e0f0363b28c83ea4e

SHA512
09518aa5db17a4f0f39e49d6ab43e8e6a358926fd1f4c3f02dfacd9c8eafb902d9c6cc146f26a97a87b9f08a55a87941f47c96088627e5d94473301e4a201a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7c52e9c027c6c2530770f7d5d3d6685d

SHA1
d00f576f20715979b6d176e7b9487a9ff7dfdc91

SHA256
e899f8448254868d0b6e44939d25d2f73796ae8bf397e44897575ca49bf36605

SHA512
391db2cb4413a223b3def939bffe9477c2824226fb74db98af4fc3284c0780b380cb2932e23bc6512dc5d4862bef737d265b6cbfe5980651cbdea916ad860c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
64f61b5c116a3cbe330ac3b04ae35417

SHA1
78c5dfdc360e78e6b55a1cd556132cbbfc0d31d2

SHA256
ec65e91a0132de43288e272472c0e3507134c5700def9a3761156418ac11a8b5

SHA512
ddecb904a239774ec49f79ba0e1d525f9a068bac56317ed8df210d51fc7e84d6988cd00702d6ff7becd155dac9dfc383e25bfe6bb5eba7701d747413db780c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1b2d39ea76f3e5254838d6ee25dd9dac

SHA1
f73792c09f5e9a9b84fb641649173f687d404a21

SHA256
ce9ebc4fb539695e67fea170397eb09c56245c4d3c8061449216d921321f99b4

SHA512
9139f2c919f94e4c3b0ca9f1e757fe55626f6f4bf55a7265a029fc52eb0939ed319f939918c2360b95df932469fad97215c9962d664250fcbf2bd2115e85fe22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ef93fd28cf8b73522e510bd305825b37

SHA1
9a1d0c7c836d16660e8e81e4ae03f2ce6f13e9fd

SHA256
a412883d1bf8d0a63de766e36fccfb4adb2193e5c905fb261aeeaec5d6d2dfad

SHA512
d26145a1272ac427bdd0766a9d0f9208d6828be660de1a7331a476903af9096ecf76fbe62ed72a4ebcd0bd86741484a84f52d1ad3df280c2c116f7da896aa6aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9edaac26f8dcb26bba857f53dff062c4

SHA1
997dde9bf84f5e0643940f2e4f0de54eabc2397f

SHA256
f7f920b95612520ff6cd08e412881de25f1f9a659488706416d35bb7836f8667

SHA512
3b15221eb1cac4fa3bab1c601c74d8b1faa55758a7bdaa06e4a24935b4c14b8bb2d411cd8fdc3876d764d9bd09cdb3c52e43ed56706647fdd265f592abd02776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9cd08bf04a91d0c9a70ed5f20fcc517

SHA1
bdfe7c9957a96be41f169f8366b821a09cab4f2d

SHA256
56df9a759714b8bc986d21f93227fe8492ae36fb6cf23549dde7afce6c53e09c

SHA512
1ec2bd174f7b36b866ff1dc80f285b353ac3ffaba842168f5364823038c4b2aea0efec33b30a5c92efd9e64eab8421058e7f281fc706e3a041d5fa0cda63572d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
07b2c1f6d8671e33305d646143374f87

SHA1
cdc941af721c7f9b37f3f896e1d22fa943c9f956

SHA256
06c2a25819435a534fe17546c2db3b9d05b94a5a791bf560ce8a254c1f22ddb3

SHA512
233017b1601500cfa6e87848cfef5dd1cc7a033fdf55812b767e7b46acd1727252b74a2e72956d3598fd3131d716a4b32555360f7057738b468f74d0191622a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
5094f8c52bcc4bad8557c6a1ee1d591f

SHA1
e77b28cdc51a6b8367d04d203d635da2fd923565

SHA256
aa1b8264691081233573463116451b37e6619781dd8fcdff956c858a1b9faea1

SHA512
d87ea22dd5e445e2fc698a70b8ac1469ff8093e473a51ac1acbb628f4eb05b9bf293941aedfca0ca1f586fd4c537033660b882bcb0f457ef93c5b5a4ed6b0fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
696368dedce42c0ed6acb736f7116658

SHA1
c7f16bd87f09f39a7c473990ce47010deb64f8c4

SHA256
0dccd9afcd91562a58e097ed04e31c86cf8b31fddb63f3da7caaa66c6ae36bab

SHA512
5fce315d16d0c32dbb21df81bc86b9b5ceecf107162e69fbd95a3feb5ac24f0747489fc24379936b0a2956c9465a6783b838293e3abc69927599dac027b8af6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
21KB

MD5
ac7b5efc41918caec38e7a20ebbbb339

SHA1
46e6342137a9dbddd4993e18f3072f05852b8783

SHA256
70a6c1a3a631cac5c571d9dc88c219df2b91f6c2ba5316a513c7732db33a603c

SHA512
e17ca19de1ec93c73fbb33dd75316c73277f631d05df5057953def13ad91e1a33233301bc6a0ee7148d3243321f48be373bd47fa5a54c967e0add1675d50f646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
37a7a81643c455668ea544a23e7b3324

SHA1
f69a1747685ea07029a767cbfc012622dc2a5c7d

SHA256
29bb86436b602fa82a83c82bf2a1fcb581ef2f787c6be9fe9337ca4449dc0b17

SHA512
4ddb2711360ffb9b728978d955f7d40392b56963c49868af786e25422e9dd7e0dc625c7b17a9d7b4c039921064db72ec1c9c921ea4b343072113b69a948ba76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
21KB

MD5
1993b776c9896cfa9eb5adaeeb673443

SHA1
a39e6ae9764d1a5cc9657510f7b2d6dec5144e1b

SHA256
53746cdb805ab0b3e3957da954126f7415c3e3e05d7ee7eaeaa8805fb802928d

SHA512
e02c025777907068b808901cefedec5ad5a9662b4e18ff2316082dbfd0780657606d2dd3c0ff82bc413c3d6486f11d553edb1fe568a7ec13daa894996b1bb637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
20KB

MD5
91f64e1b9df9436a6c5d2b34e0dcbd29

SHA1
8a25af9a007e1e7f453b82e73493666abe8eab36

SHA256
29b00dd5bb590f4587dcda55f63c50a2262d271c7598848bb0816fe64ba9e991

SHA512
65b1965ad650c5acdb75f59bbed79826603cedd6c3b790b9dc578d278028d7c9c6c94ef26de379ae13d2f2f5785382d757dfe061f8d2470f2b0b68b8cc5490c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
dcb58dd2b9cb73c05b40305a12afe566

SHA1
cc2b64ff0b16350d6084557cd564d48c1e34940d

SHA256
d717708bbaa5a62d9b83d4e8f9277efeead8dd257da0bfa6d883143cd57c5693

SHA512
e917b3e79cf840a8201e5c08773bfd03364e33843f49e4e988c72024613df2ad65fc571bc65e687d35862c144fbfa2eb572d2f97f63ff379ff2462fafad5ec3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
21KB

MD5
15a26c7cc9b91047f4386846b975348f

SHA1
e1192f1da9ebc092c4b502013ad9d8d28cf23a86

SHA256
044076fa4c82543dfd3c61e9710e96044864caa680a893fe0cfcf445c4ae3ebb

SHA512
e04699146e5503844cc1a525676a0aab7704b3dbb4b9e6b9bd1707c5c2194f8a387340aa4f0e66e9899d82a5eb3fc5df9c1c190d0101fe413f66e6dbc9cdff03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
098533051cfa0713645d5c04b61c5e03

SHA1
70200e9aa972ef031dbd67c74af9311ce21e1656

SHA256
cb313aa41da77c8a774c08cd888c9bfe8caf360dc6218015695ad131c24e8fae

SHA512
88c3a4f320a8e941bf706474e21064513ea6176e0782b5e5141fac00d956027e38d0416e032a0a6387d0e660c090e3fab75cb69dffa789114d1494c47e3ee299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06e8ac9550405c5c90e5ff620314d200

SHA1
2bbb0781c774d0c12ba460cc2b120b742aafaaf3

SHA256
550d1eb25914890a2d8eb6a08ee1b860379d34bb3517ff70546708ce75032e7c

SHA512
a7991add104aafe6eaf669e7bda62e8099fbb840731323840a41986b610e3779b73358c675f01c335ca99daf64be904f8e0332249290e6fddf9748c5bbc5811e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5d1e9fa8f5eaa3ad9a4be01a44f7b157

SHA1
a0e82dbcc6463669c2b81b675f492d773639b34d

SHA256
51de388a95d98ec637c07568f18843eb32b47fb3fe7b1d0e332445630559db9b

SHA512
78ef9bd510d05ce949c124cb009c6fa3005e793aaf722ad408d06fd478c4f554bd74307fa1ac1af75934f6d5778633ec91aefec887a0d830a1bfafd609ab4390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
dfa3feb6267bb3a1a8345edcf6f9bf73

SHA1
f95e7266682ceb624125ffac5261e4e569cd8072

SHA256
685dc8fe8e43a32c25c6a177e7ce1d3e55f216a23fb16e971ef0c0df8febb3a9

SHA512
ff753afd008b0b9f3c8c2e6e63a39e84dbba9ca6897dc1cb35f3d245f0b204ce1660d9c807b88ce73a823f7db04623ae1b669e5cef0396bb367a40c852664ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7bcb3bde540a78531bfb2a3d3ce369ff

SHA1
a6287a2c405fb30c50ffdbb84524e4cc6e316c5f

SHA256
15d2d71c2cd0d58d63a0a157b1c0c74ee271940828282227d42b48663e6dfd2c

SHA512
89f5183304ccddcc5e4b31e9d0650af09a8008464242210f74970452c4a5c827c1f802177c2de0576c6d4b73b13506d93e1026bc3c8909d3f27df3e5140d5248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
45c0475ebc02f2d2201a8fc1cd31f3c8

SHA1
e5f0b90d3b8d7801f2c498edf8dc3f0856ef5128

SHA256
f5e5da0f80114a9a615428e815d7f76321e191d86d269ea6127bf7a024f8ff3d

SHA512
250a78087fe0dcb4190560ee9d715267fb2f2fe6f215ac358026e5f20cf44f92ba82c97994cd7b35d94bd3181b20e11f70c7f6ccd465a7785cb0ea00d81f56dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
50142e0c16aaf32de4b5c5700c2d7a8a

SHA1
e89e74977a1833c226f0de64a233bf27ab5032a1

SHA256
38ac2448652e14c720d394b8380842cb01414e726fa279237037835289403bed

SHA512
9afb5034bae44fa23b214f9cbd1776955ca8f4b92b148e20f5f5121dd512bd9d27e8e0b86dc2669a5cec88d629eab146e335d5f72de2da637d3bc2a60d2c03ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b20e632c681201b009fd930cef894fd5

SHA1
3327696ec58b88d6babb6228aa899c27e59386e5

SHA256
859bbe6c2606a207364cf1b6b473d639acac65f9f3be2376d1be407b1f2f8dde

SHA512
4932d62a5b81879d0591eb32bf7dd32eea67418ca7cd5048f22a742d7fa6f0c3e7f4fc1ebfadb31b6507450b1170bd205bd4601e0ad113a99b92d6d3148f203f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
01cde563bd5a6d0ec027e20db7eb0750

SHA1
e042aa54f9d9f33fbc8a994e08d034dff440eb35

SHA256
724ab276cad181ad74210d5ab8b21727d30737ab36a79f7cbba848ccc46f2be8

SHA512
fa161c175758599b7b6ede12022185bc552445b1717305d7020c8bd78ebe5c99c93d4d0a6900ff75d9edd2032f2f800ee0bad223eceaa6279cf80db65d782da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
8676d99a71bbcb873b4f3e6f16272623

SHA1
98d3d39e68724c580bbdad371014c780195b94ea

SHA256
5476518d8e5a13ed532c7a75a366e6c5a333b3fc98dc1fc0f29e2e1125986bc6

SHA512
3988b1836691ecc7d4965b22139c6cf3778f18d90e2a5a73d975abef9a528ac3eafb0870f1587a1272441814eec247c4309dd981e1ae9fe23cc393ff4bbdd5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
604c412b897b943acd478f4c1584ba7f

SHA1
245461a583e0e67e1c58a6828407ba2f70addbbc

SHA256
39c3f5d7d2651c746c3af761dfcbab5ed31b713718fad5566219319baa1be1cd

SHA512
fd3f7b89bab304fd3d6c7f1dea3292e706dc1807a15f3da8e9b9248d7700c06caf98a8c91c8fb5024e641d4969b7c94a593521f55bea068d357510d8228bf2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
21KB

MD5
6e625114eeba1f8332aef4cbf0fe5e83

SHA1
f613a2cd11971b69120e53dcdde15e671e6af59e

SHA256
b5312f49827dba951c55e9f9796e8f1cacf82f9dbf882f6047eea746228e3423

SHA512
aeb6009e6ffdd2749d1070f85ab36ea13be29c9130601ce62c324cca49d944a9dcefc662b0a501e330e050458c3443aa8d4f307d134c3a5773354b594ad69936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
1548be0dddcacb3aab95882a9b781089

SHA1
ad05f4b5b46f1ad659ee85db7f56a0fb19c6494e

SHA256
207765b5a3edbc795c2b4133af104d3e8080ddc0d4dba202cac72a11a185cf71

SHA512
b7677b4f39e4afc4b9a5be1263e1caeaf864f8dbc09160945608222c9dfb3b066d71e366f9513aba999b2bb7738026d9fc1b924459f567ae2a8a487d776dd3a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
437e87c5b40e65a84a727bab62369f3a

SHA1
c77439e999741aad291038e0c6ccf2983ad1427f

SHA256
a7aebeacbd205c7f78e9ba280d7f115c6f4d94eb81113226e2aaa98b9c8478e0

SHA512
c2a54ab0c7a3354de219762310f7616f91beeaa888d61358d44e8527b817e254c2aa06995a88eac47ed341d8d7e64d932875e15d2a19e84b0e187822691b5c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
21KB

MD5
e2952cfbb8d025435a2a5062b5932379

SHA1
3869fbc1bd5f7d80b3b81e8d411246cbb0ef08b8

SHA256
4598949f4ed2aca8b3bb58cf709c0e9c4d83ffd6f8c3883ec85a0dea9fe466ad

SHA512
8c14b5c6b2e08b7ad53573ad61d05fcb0d3efda0f0277bca8662f03c2cefbf7ad3ba51f0603d19cef454cc322613305ed014e465175c9e389e1e3dd6ca7152e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7deeb79aadadf3b5df84e813b67a7ee7

SHA1
ca94e8438d390f9ff6eea8d41cccd379b11ef87d

SHA256
643cc8f89a1de29403cdb38a8653a2dfe247b2ae35a3ffcf2bef04f813ffbde0

SHA512
7e6ca9e02a877df5bee9e958adb5839f7035c61ad46ceda8d7ccfc084ca9f03caa384dfae11e80cd7c8982e0645f144f37c5b18c4e2525fd8a4b142eb765e47f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1a653c378c558d641115259e5195a604

SHA1
c9726f4580d34cb5ed9eccd4ea21851344ebc555

SHA256
b4186bf9b3ffc9c6db6cca270a2d91b162b699c904f34f74c15a14b367f51fee

SHA512
2b28819344460b76466fa27de747b2d9def05005b53062c5ede6570b017957597e04190870b7e7f383e252bbd4340ad3b4139adc01014d4b359bbe953b1c32cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
815add527fd1923486f56050c74c56ab

SHA1
67d0a7b10367101e8b8453e2836c9856ca1ff202

SHA256
abb312557e8418d1f9d59af11210a15f685754bf5d6b885de4663461f73a1859

SHA512
0dc2d73a227610b7c1932d63de65a477dafaef7392e720fec59dbb437ef074bf32e38aabe3bb9aaf15e14d498b2afa4665fc3f70ebd0b2964379bb0f73f9ed53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
3486c704d35328ccb74db4557c4e33e8

SHA1
146f0e2bf4028770502b82ed72e14e322b90830b

SHA256
eda1c4b4b9fe19cbcb9e0b3d291b5e9e966677b224c1e13ebb365641a201ffd4

SHA512
eefe4229718984febd45d4c0da6d034bd15e2b647b0456e1cf787ff523c181939e48ac2a91264838dc6934592d6cc41417e69b8d211b30f4f927995ceae46b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
106KB

MD5
ce31f0c99ed5a2b217c86d05639d0032

SHA1
f401aa24dee2cb4b9c106e6361d113eeffcfaf50

SHA256
f065d392d8f1eebed6dad179c0bdca8b4e0100c73aae435ce89939caec5bb661

SHA512
eae9898f7015af87142d6f9e92180cad8277d039786c1626f14b82d8f31c47732f292685213ea766a4d9ed5bdaca709b720e2d0c72faa325e11447c3ab279f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
d1f04f254a6f6aa1b899219f99b20389

SHA1
5435420db255bebeb9cb8e586ef701ceeb01e8a9

SHA256
ed6b3c7a44c80dbf07347f33ef95d8cf8f05f2ce5379c59896e8fa2ecd44c7f7

SHA512
16dd93535ee0292bb155591b893868eb47759a5b3c4f0ab34cb07272798968cfada0b552b2ce719e5472925cecc28bb6490ac520bc8398e240b94122cf782c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
e0da88db8caedc15953261fbd6edb9a7

SHA1
eb6e4fbc6a612946b9537b1355693fd38ee2228b

SHA256
ee2f5543a669a1dd5718d0589b94720cdfc08c9a36d8be5dabbcb7cdb2a569f8

SHA512
2b8aeaa604060c67b405358fe67e5242060650b03014e25d0d036a54a3e8a578ee4e74e189c7d947342b593b66cca461bbcc843406236c47ec31c04f019b38a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c40d108fde6a3248f06c4e00d8553a4c

SHA1
54c168663512f8cf9ac94849fb121ed5190b6a5f

SHA256
28df5e06bf74c316f664ca6667791d3ca82e8c0ec1693585a7def0391fad9cc6

SHA512
b97034b71ea2047863f09e0997d2e386d7056dc3199ac48d3de09378f58015ccb0442ea731669d44fb37a7f943849f3cb4025af58f337c9781b495e223800b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
e77bfd69253915362373b50708eab565

SHA1
dd8908473adaed87d607ff1990124a9f717c71dd

SHA256
2de0fc9ccad9a5a3bf75728adebf6649077a8a23d291f234752018d1bcee28a5

SHA512
0f6eb0b67023e378f68135c0cd8739cf03915e25fee1fded5713ac29037aba852c362941119a7343b2990119caa21cc428f33c717e2470fd00e5f84be9def018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
37591e57cb4fd437ccf47f7c247c81da

SHA1
400b1976f65a9a7f135bd60b95e9e5872860d7b6

SHA256
89ff36a057846cad7bd847a14e2cae08a95db2048b4af5fb95329ff0ca476ef3

SHA512
ace24c082db6077352d1e3d9624b562564944117d0d69eb5edf089afaafb2be3501917c440eac3a42b2db348126356bdd0c7a6a3a17439cfb6d89ba0a65bcde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
be5c4e22ac3f3a06851b01716bb1bfc9

SHA1
aed06359cc932b6b429d164b0b930df09719787c

SHA256
2928633f665d9b64e15ac7583c2b12e1053da408f6c3c943293a227b489b3a74

SHA512
2ec6957ba8c5a78287fdf63e0a45411d094664a844397c9ee94998b1e23d6974cac931a2562323ff91cd294adca1fa67702350a3939cfeeae7f1c74cdfaee056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
738ac062081507655036fb62094db6f6

SHA1
92a7d73117dd0f8d2c148aa126b3bfcce87d33f9

SHA256
e1e6f2a7e29c5b0efca10bedaae050dbf505d320e1a85e86716b85cf5859354c

SHA512
d0129fec9714d4774048c4e1800e21e43ba6d33ee646c069301bc6f08c78fe7aab65a1aebd200165da388a461eb4cec6b61f926466da1e92624f05ec7bd07e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4e851cf0d34fc631e4a1b765159b9b5e

SHA1
c2d501fbadaf734502589b1facf9b97efdf33d9a

SHA256
622d856b20db8ba39c283e9290fd21d3740261f4d47dd25e7e65ae96648ce845

SHA512
27f68d875017e2c2a125755475bc4116c1e06d8afef00e796cdafaccf9332b8ab07b31743a37d68dd2b1452281f81702e9d05c24ae85b8cacea6c993eb807034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
46f7a83db4c0b7abcf7f414fb6af7770

SHA1
616574c019d993bdefed8c9b69fa3860c7af9e03

SHA256
01f7152c43bb316ce6ae4e9e7d6a9b4d31e843601b9ffe815a245b856744f92d

SHA512
9c77761b9e53ce6518cfad1201a7979ec66a19bf8106fc6e5e158dfe1d14d720eeb06f1f2228f01f54416855bb61797b5bf2a83bb12d2b36115964fb274a4157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
955f20cef50bd3615140fc81251b2770

SHA1
4977415663bc825821774c3032bee74f5f84fd8b

SHA256
86aa90cdc042fe2a4fa42f3d204acd09737bf1cbbbe201d3aa8e26b126f083ac

SHA512
86c10ed11e3bd4067e3db8b966b9f3638a6fdab77340875b420cca9e29ac1dc745cbb8be17390c5438c1bec97fba6546a12a1249b871ff40edc0c8e8ab9f8c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
25ba24ced7e54d3090fd9f26fa0a2128

SHA1
adf151721c73c7243b8179938a18b6b22795d567

SHA256
e369c6f3bb6320cffb457022c05472b73cdcd4de02d9471003c2fd369c968923

SHA512
e6bb39b00c985751f6b2975502d49bd8fefd578102d2ef124b3488e5985033980084bcf040819afb4f7c4647e9bf25e61510f81f4c5d9ab5d92c1fb7ff98b277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b7dba58cedecd5fb5691200f4aab0c09

SHA1
eeb7bcf5a4b1836c6103e4309d1d2d3eabb7f629

SHA256
e140b2d278b4b0e2b4eb2147e526db3389b04727d18ab460a997d9dbf6e56974

SHA512
78f17ad7ab73db80edbc4c624ecccb10d1d8f790c79efdb4a38d1a9d385e8da2fb93f1f7bc0ed0ce6748d888b45b9c4b67eccf44b1486bdafad0364df0d71922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
7a781f99595e39d331c6004a04c76591

SHA1
9d2c331415776d0a8f3e4bb6d62fec4b1f65fc0c

SHA256
4130d265322dbd83e7cd898e44c3a80fedc9707addb03598beb2711b8ad67679

SHA512
d1eb0653678c84cfc84f8bad37a60a2a4717fc32782c457c65d725b3eeaacfc11848939a68c67fe0a032f4fd97a3486916173a9918c41daf398af6733f2e4fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
8ad565200bc2b0a006d4c76ae9a4b7c6

SHA1
7556fa314b71f6eac0300ae7f0f8cde0c81c6a27

SHA256
94cad99d72edb973841d53183a28f5f533199059530684b7c8667538ad91da7a

SHA512
35586f6861e56df7049b1253a09d61e3672f5d707afb3c6d941a5f21ee310651f1a136ba5d050ba6af61d4c4a9f04f3afbdad459947ac305a8973c1fe606a57d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e2ab286eea532a7c2f7fba264503bfce

SHA1
b761c8c2dccda20dc22fac0f93e0a8c8210341d6

SHA256
e2d0e246487b585847f28631330c9878408eb3d3988a5ae63b487fab652caef6

SHA512
505ecbf4eff67c50048ab5fbe4161658494b10833ae884d8d0badbb553ddfd4bf207d31cbf97311aa17536634d56c0af6119fb2b73670f55dbf4711d42736eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
2a713c9b09d333b1a7b7a59d6b0c6e06

SHA1
fb0cc0f4efa34dab4bd8477c60b9341b62993e0f

SHA256
a666b56dfef0a2827cd80a2818c948e60abfeb7c76395caf10f6146856bdc4d4

SHA512
935f4d9681f67728a8d34cbe6f2c0fc66ef86fb9ed5e200cbca86479d6bd2bf05dc3f0bd3d1af2daf0cbb3350975be95477fba2c57f4f28347e3697d227b122b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
ea5e8fc0ab9f7006f82ca9dad94f4a4b

SHA1
efc6b747f41c5633e09c6ebd1f3f9082a0e1fb9c

SHA256
ccc438868ed7b4b6ecdd8cf125b12a88bc1be0461f1c2341fab36fef57c41059

SHA512
c56844b6af0edca1191565f2bab373f165222d6f2555b7da97107c5996eb892b8703e88d051acfc964cc9bfe1c7c6882470f525badeaf51c2ef84c585119ca9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ef7823e2cfaf3127d43069fd2ba5efbd

SHA1
c9d047da675eea5ed42ff79d39ef4b38aebf35f0

SHA256
07e6c4a6d158b3ca90f68fad96c04ff12993c446fe743c548df089ad660555c7

SHA512
f0d41381609d5a78c4e63a9cabc1024c08636b6b324e44d3ab900bcb2854f0711d77a60c5395ef3cb636d708de9aee1a8dab3e96c9f0f37385f4a4f4625b1768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\2\E6DC4029A1E4B4C1\C8ABAF85E1C3A94D\model.tflite

Filesize
382KB

MD5
6d7c2f9e94664539dec99b3233301b01

SHA1
85812b004742cc1c211c92911131ce270f8ba769

SHA256
a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534

SHA512
4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\86b61570-b4eb-4e22-a13b-d2460ad0a270.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1883e3f7-3f85-469c-83b8-3ebc87af7153.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1un44suz.dhy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4816_1386828921\61249e7f-fb36-47c8-9a5d-d364c2614675.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4816_1386828921\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
bed3c1d4333a07a1603f679b9b4b0e29

SHA1
edf46fd76f5b4ba045855747355d15a608b789dd

SHA256
d8cbc4d20c96f2f2d7300b8d7807be6b4f1be195131b007f164df7aa8abea972

SHA512
50b68e477c8e5cd966f721da8bc4d1b70d28865143c5523a45ab2103eba7866ac4bc190f7bfbcc7de06637fbf6b5587c4c217e16f1a279ce533c82750725f863

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
10KB

MD5
cccfe7c343d5730815f5971bec101a76

SHA1
06f403d4e824f701aac5dafed4a762cb7408bc5f

SHA256
60f575f1ce91fc139b77006465081d961f0d15415332391d0a80ff9f6ad0c690

SHA512
2941b2e321fe69bd20403e6baa4d2ea36416f76a821f926569d9d8cffe7d1d218d9867d25f2b80b15fa20b54a6a9315948269daae591928ec700d0e75d80aaf6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
9KB

MD5
85be4cbdfdab11f262f676259a01b387

SHA1
f2af920391d6ecde49299cf29ac22a143c3a80ac

SHA256
e5e30e1e4b5750b299c3eff61d4e710b9a81353ac27825932817d88cb0a80c6c

SHA512
2c20ac722e9e448c1a035996bc5249a1176d94eb8b77efee9aae9aed7b47c73c48c2a3da2d6ca31e7b7054a454298316ab0a340de846456f9e5e9e2e5198d911

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
9KB

MD5
30ce0194f8dd2a329d4bd99191ac5e6e

SHA1
1ab326d2cca20fb917235b327b41dce202eec4b7

SHA256
b98d22c2aadf9be986edbb3d14e4f7d52c4b47c04816c0358088cd56798241d6

SHA512
bfd8de2b50679cfb7c3f33b59461858e4d7926ca8ba9d86872d600579e6ecbdd0b9916862ed60273b664a7d58410001b5353d9b715f11190f978b28647991477

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
17KB

MD5
620c7cce95120ff8618d48f030bea41c

SHA1
259bea8ed9257b62bf95e8f69e30a76d23b5fc2a

SHA256
eb0e08aae424e406fc314efe163110faab1f09819ef429366b1845da2b457d9a

SHA512
b7dc5c98286c497ace812b1cbbdccea70a7026e899a2cda1d96eef28dfd913980fb4f622102f7fbf4ffdf6f655bc7948f89e7455a3f7a9881a732f3652c1cdf0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
19KB

MD5
59fbd71b99f445c1ff6b9117ab34f082

SHA1
3bce987f9f33a510a19e45479322fb72bd30cc34

SHA256
9161ea58e174c4f98e87d901151af8bbb949689909a49948373b07bb439975c2

SHA512
f236ec3a74c622ce5780f09b2394fd839001d34410c865f06911890d5367a82072d5000da1c621ccaeab83b0a2ca61f7d6038800de41674cb47ee20bb05179dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
19KB

MD5
5ad22150f065b42ecd123c8a40a8476a

SHA1
3de1ac51d3fe43030d93e962267d1ca7e5f9ecf6

SHA256
94e574e9ef5c395dc14b9c596a012bc369fa9795a07c98ab68e30d6f65961312

SHA512
e343d678e8d66a34011f14efa925684feeb3930f15a32c4949c1d71a0f8168851afd37863e3d71f6acf4214c291b29ac93238f934f14f05b801ca9a6f821b4ae

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 552213.crdownload

Filesize
283KB

MD5
d0811f9a07f86936baa8f17e07bddd27

SHA1
d8521b2d8a8155d471438893c2d5ae1e5989995c

SHA256
ee3a857134247bd1f7cb69c77f9c70ebc81e4684cc058222ab4745a268130964

SHA512
ab091e001ee368dd1221e993e8b694bdd83fc838242a6197e0d1ea627085a2078e68338f2c106ac7d2da28dd909f6e7a929a557937c1e8f55606ed58068e79d1

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 607387.crdownload

Filesize
1.3MB

MD5
83417a425f8e38e7d4cad417df97fbc4

SHA1
8f0513631e96f8576a1ee88dca46e5d261b0d3ec

SHA256
79523a0be87173963077d174dd75554ce616d636e745f751ceae4abd747da923

SHA512
f5659a706c6745d64c09230a8276c2bb8604d4f4bec09a9000c18889c9da171f4bc28952069cfdbe383961956ddff789694c45d95695567b8963cf4d59cc860b

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 85890.crdownload

Filesize
1KB

MD5
f8b141f3115e060efd190796180c009c

SHA1
24d8cd1ad134f7c8a9a9dee65581c786b46a3d86

SHA256
97582fc81d5810258d14c94e9d0d3be94ddc36eea9e75fce30dd317def89df84

SHA512
6ec45f6b3c69be1515358df243a19ffcdbcab54c3a1484c1184490d11d7bbe8529982de1fe6e0d16bb9f780289361f93249a9e7dfc74c191a404d57103ad29da

Download Submit
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe:Zone.Identifier

Filesize
50B

MD5
dce5191790621b5e424478ca69c47f55

SHA1
ae356a67d337afa5933e3e679e84854deeace048

SHA256
86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

SHA512
a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe

Filesize
1.2MB

MD5
800116bdc6c7f221f72cf5f70eb755fd

SHA1
0345c897711b7c51a7a9634017ec0f8a535fbbe0

SHA256
3eee2d8dfede35e4ca450be208021e4dd6e425ca887c97b1baed029468db3fa0

SHA512
4cdef8f83a1bb881506bc0a31e91014c420a3136425f6b13374b701a981c82877cec69f466e90bc193ff454a199ceab5b7c46498bbc753866cf26b50eb9d93bf

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier

Filesize
58B

MD5
62b357aa482645b14953a52a12ca487e

SHA1
d8aa3e8da9d16b23f3d83867865ac344ebdbbf9b

SHA256
c18642d5ef09f900951c221a0ede462aa6aed43d101f8664be343b1532c33bed

SHA512
0e3a7cf8928b8273907c2469245616f15fee75b8502c4c841620aae32f6252bb42fe24c9cab27cde0081d9f2841bb2d93612022542f510031354ee5ce50ca20a

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\Data-Backup\Data\MigrationService\legal\Qest\5.png

Filesize
1.1MB

MD5
58fca4c7b881aaeec8b8aa8db72fe219

SHA1
ff8c37b2adff7be33ba6c51863ad9d4ef801833d

SHA256
da1625bd11023e2cd79eddfeb3544a4d0857a2a400d53e2d2cc6bd6154d484c5

SHA512
2bbb21939f085ab476994c53ec9d4fba78ec4f0fa2cce8e2db82b83bfd29bbf635c565f7fad6bf235b2539a463ae530a32e859e2d79da4ab73cbe45479fca9c6

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\Data-Backup\Data\Plugins\Data\017.phpt

Filesize
964B

MD5
7b23a20dcadfd60ad310603ef8c62b6d

SHA1
5239aba15cdc55e58acd10a608e39b028cfa3329

SHA256
ed1b311a704d6e1a3ba53d49db3c4c9b8d23115294e88b1cb2d30364ff026b51

SHA512
4ada19207cba9036d9bd7bc06a2ceb2d5255008d79f8e19b7479db0e6a6fb40f62464a5730c4594fb19b7d7ddc2c64666d4fb3b1cb6d50b3d17e40aacf2205e9

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Config\Plugins\NvStWiz

Filesize
432KB

MD5
9e82e3b658393bed3f7e4f090df1fbe7

SHA1
bfff954b8ef192c01af9fb5d9141a21279cb9c31

SHA256
c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762

SHA512
de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Config\Plugins\StartupHelper

Filesize
364KB

MD5
14934caca84d5fe0288f27efb31dcbf8

SHA1
98c8c659488a5782679112e0ffb089422a664ac5

SHA256
7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

SHA512
9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\ReflectionParameter_isDefaultValueAvailable_Internal.phpt

Filesize
631B

MD5
f7ac95b4c50c8d987c1e0ca19f3dbc7c

SHA1
ecd4b2d1a895ee81fb23e041a7cef28a45b49050

SHA256
bbb42ccb113c5f8fa7fb7969d11582db6c7873bc87ae74fd11c3fd70b13788dc

SHA512
ab8b990ae0328f8e93707730c7f85101255ef9558e6c971c796732dea808de61b030d7a94ef603b922d8e0cc2f0f66d548781df75ea19288e9978a1b603ab270

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\TMRegEx64.dll

Filesize
803KB

MD5
75e94d3ca12a7b80d5779302bad90495

SHA1
3e85b6a3e84d455b6d5f6e3566f6309876d343ed

SHA256
eab6419cd005e8a1ed4757cbb8d787036e61fa43e6555cb2689f3716054c1c04

SHA512
3dada2a921c513642ef328d36854cda25533b67f68c33adeed75206b71e55ac2c002d29381b976374cc5683676abccb9b0049c664225dbdc512e6be75c357eb0

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\bug18556.phpt

Filesize
752B

MD5
a4032889bb59f7c23df4fba26ff07409

SHA1
2f8fc843e3feaa5c3eccde4003d64ed06243c927

SHA256
dd7a625eab0105e7ce5cd2d7913790c132cb618f7b6b3084d412e7d5ce3d280d

SHA512
8adbae88f76cf424d30857e5b0c5509a62f553872356b8cd5391c10173a89d0882dcd8b2a8ade2b2b5422fc917cccd8c3bea951f9a00e6acf01b60b6f4b9fa9c

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\bug77812-readline.phpt

Filesize
1KB

MD5
34f3e4ba3d8a3a2f62ae38e8c04fad8f

SHA1
ebca794db07f1ad74a763aac4d4044db72b102db

SHA256
c80f4e4f14003d409bb0f43715ab834f61aacdfd207bfbcd4cbaa374ed725874

SHA512
4ea74fd6b975c2f6efa498c8d587dae25bd6c834408642ced72f24ff110a8df5db632535531a015fde0ed7de014c146aa1997710ae32f309dac859eef3c00e07

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\fputcsv_variation18.phpt

Filesize
980B

MD5
0577f9191119a1292ecdf738828cda60

SHA1
8a260e8e43a6d9b184e1f719a791b53b5cf89eaf

SHA256
309fb552864a7ca4af452c5b11577aa6e5611b69cf0d58be1400fd5d173178c5

SHA512
cdd15c29300bacf93bb29f3093cbf1aea6c802521edd9da47b67071616fa292893e261ec0aad11183d3d3740d27fc4e50822e88a49da9a92e32d1b99d12ed75b

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\gh10043-015.phpt

Filesize
305B

MD5
b82f7d6c437e096be2fc23558a0c6939

SHA1
66212c78c1e92ce692e92c23e899b84861b250c2

SHA256
10640eecfd2d7e7acb9df25da5560cdeb47bb2e914a5d72111204f69b1aac4f9

SHA512
b62a01b539b51a4c7907be8da46c7d051f325e2d5d72a67a886076fc3ab5b8ba092e33a57a8ad4f12e6c07f3ea6c23e875ef308dc2cebbaeb219ca4393db3fad

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\header_redirection_006.phpt

Filesize
278B

MD5
d37234c3a4700873e4a957e305f86392

SHA1
d99e1a64fd7028d78da979be7491b483b1cfc057

SHA256
4b0418c357ca87e14a961ece21368abdf5fc91135777d38550c5c2085799e4d3

SHA512
6ce3acd8f4ab64f9d665f2d11e72051e6deace3e967793a889aa305047051ed73eb14e41a2f2b420b7366dbf37a0cdaeeb2e743777bc8bc79bc1d00d00de215a

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\immunochemistry.tiff

Filesize
37KB

MD5
a29bfa63306ee267a4d5040f94c7ea99

SHA1
3fab8137ae9f5e331bd0437f564fea8fd57178e7

SHA256
8496b93687ad4c2e04413253d06b363a563a8df3de2a773c62030802809e30ee

SHA512
b5a7432cbdc0441f187dceafc31cad55ade08e087aed06935b291a89a5a525be6cf889aca435d089eb2556aec18e156f26e5f90cde9547f51b596663332ec3e4

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\list_keyed_evaluation_order.phpt

Filesize
792B

MD5
ddb93202c70ca821037cd350e07ce465

SHA1
6db72fd98694f6ffdd075ee5254243f78cde1b73

SHA256
1f9ee77691dd3b69b57654f4f92c15cf53bf6d43e096d064299b662310bf41d1

SHA512
b0f5b30ae6688fcb7e044e540f49283f80126936b24f77e229e55e092a7a0110bb8e67bf9b7030dc580a4d7c9f3270f30883abb4724d5522e59c842362631005

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\openssl_csr_new_with_attribs.phpt

Filesize
2KB

MD5
5773125e401ec76948c72c83c965696c

SHA1
e32bc20148314b5b1f3065d0555fc6c9802100c9

SHA256
2ecf6a462a364ba0157f6380ab8d8a8cd70b3f23f1110ef1f8bae2e384a42537

SHA512
9730166a0256688c1ff8258679eee5e009866bd701ba7f367e8e8c9d5c31275fc8160f72d8336c6b42b41ee5c6e276cb93890d8b726199fe4815e771a214aff4

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\socket-close-on-exec.phpt

Filesize
1KB

MD5
7cb7cb7d7afa6141d1a6f985a88fc984

SHA1
a0f7e8cdf437c04804f2048c53754653b496fe10

SHA256
65647645ddf9495f128bf071eedc56d5fc1c05c24af7dc64bbba922739d8ce94

SHA512
7291f6329018d40ee5633bafcd6da6f5bd9c6448206f28752e8db8625d0859b92ccf04c958c0a4780a3af3c4cb838e47983df4f8e0f1bb6ba2bdf6a2d0f1d0da

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\Data\test_vendor.txt

Filesize
1000B

MD5
80aec646e662ecdb8f7677b93f39aab7

SHA1
5fd0591618895472bbfa350c9ea59356c93d8346

SHA256
5912f1ba252bac927720d0342e63b16a7e273b63e097bb3d1c8e68f9b0703742

SHA512
19e5d35c78cdfb64ca5caaeda5cd3b46dec21aa77c85d421959fa771614e5265602277c85b7557e58cae04d166feab5a9c5cb6c70c512a29852eb7b1a68fa078

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\Microsoft.ApplicationInsights.dll

Filesize
918KB

MD5
b54b12e54fdf7413b7a34af55e88b399

SHA1
52cc6b30835f2cacac164a82d23783f63b5dd6e8

SHA256
4e76d83d3a34000559cc7a4bc30e8a4aba502d9cab90028c9bbda3161108bed0

SHA512
1c6b460700ce7d42bf4c3c56b983cbfe2789f4ed6bf94ab8e4221783072eec6e5b93c43e43702ea2a72f0ee1d1f44394a37cdffa481d65e8f9f9736313b79900

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\WzAddrgcts64.dll

Filesize
204KB

MD5
6f3eae2c8926b4de98bf1fbd91908881

SHA1
1c8b033f7d89216699af0bac3f23d4d2f345ef15

SHA256
2af64d9db0f8b5b7245b63f29f312821aa0e5d04e356942e7664317e839481f0

SHA512
72d87d63da1f0a51df0bf465b1ef126a6630dd4263fe6c72812ae39b45fbf59f586ea3d94b735980d1da17750b5d57cad1b5f48667a4e66b8e45a857e09cc6f3

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\legal\Balloon 3.png

Filesize
247KB

MD5
f0971ec0f8a84e4773733653b80fd36f

SHA1
0ba2441954263001304d3701f5d24a0fb67f7efb

SHA256
a6f50250d1842f14be8bb074d0e21fa7f73b4c57b2db031882bd3f956e18ba74

SHA512
3a2b567bf1ac96925b78c9563a3b9514fe2f227b9d5e319dffbccd52059e5f585bedd3b3aa465170517ef788b8232675401b6bf24696ccb9d5062bee0ecfaa51

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\legal\L0.png

Filesize
19KB

MD5
34c38ea325d70fcb35f285106ae17f1f

SHA1
23202e18a44a4db52b11890863797c43e1876d35

SHA256
cb63c47bad132bcbc896094a8da4f22452c1029db1785d9eef28d7fd3d5983d1

SHA512
f2ebfedb3b327daa1c57dce649fc13b0bb2f680f371e0a532ddede8b0067e7b7e3277f05048f3846ffb820a306188d7b6fd16441ffa432980f975e102849ff01

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\legal\bin\odt2txt.exe

Filesize
60KB

MD5
7740873b69ed9fbd043883f35625215e

SHA1
4f3dc44479feaef804c6d16af6feaeb98f2deaee

SHA256
87ccefd04081c88273f289e38052b172e3607803178593f57547adfcb9a41685

SHA512
5006fbc8fb283ccd2e181172bb675666e870bd861bbb0db6d7b1b0462331154ec9d24ac7b1c5ce748229d95028dfc5cea216c61297cce0da9d453b500bc00ea6

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\legal\bin\sexp-conv.exe

Filesize
62KB

MD5
28dfa4942f159d4078c8d59abfbb0d15

SHA1
1189807666fb4cbb131a54c4e73a16d536a84041

SHA256
49a56387ba47d53025b2e78cd957fc465e5a8fddfc771d776f87ec2ca455764c

SHA512
2703edd205d55d6ffcfed968d6e2f3fc91e111d626443180f295d139b3d3d82402ecb4973e23bc37c0f78078ab47d9bb5cbf133fe8030088e19fae87c64fe0ff

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\legal\bin\wish.exe

Filesize
65KB

MD5
04e5e2f8ad46008a4691874bfc4a7a5d

SHA1
94a08eee1b13612cc11b77ebf44ece901362df31

SHA256
fc199ee77bc8ab131cf21ba332fafcc8a7132e7006d69a6e4195d48962c87fa0

SHA512
5b5521a6f256d812f3c8d3c0a8d03210da6c490c5a1ed53743a02cc422b6c1fc1136698f5e41ba6aaee6b92a5d6e4a5b2306cd77e0b8a2e4f7ecbde72c5f0944

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\legal\condition.png

Filesize
11KB

MD5
bb50772b781ca9544746d94ca5bb4667

SHA1
c25fe4f90f19d94ae87176b8aeb15a3ce721dab6

SHA256
c99bdc63217711d479cc25044de6deca1ca758efc2db40910909b5a2416df950

SHA512
87acd6d57033d245cc01a13d622d819528ec99c0cde776200dd79311cd43b1e2fc3277c4a4a1e190ce4315a9138646e14b4bba520ecbcc5db3a806a6d9bd6da2

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\legal\pkcs11-vision.png

Filesize
33KB

MD5
f62bc3771805bc323cb7713c4f47c67b

SHA1
cc0eade52eef4be3ad496255077f1aeb35ad0a90

SHA256
b75efab869b15d8cac0b8eb2040ddd675a2bcda6cf1f2d3a1cfc9a4401cf47b1

SHA512
34c1121b8f132d225504b10dc4e6ca4bbf38076cb8652dc58c2c1dea29ffc12835bb8bd6b8debc1e550c9a267d7720822a343dbc9a57ef2b9f67bcf2ba6f5433

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\libsmi-2.dll

Filesize
714KB

MD5
7ddc1f47c81f90f211ea6bb5a778d8fb

SHA1
a299a1bd0deddbe75b463e9c2802021934a37dbe

SHA256
aac65a1beea9932cc8d5976739139b37cbfb9164d1ad93012c63e34a1c628376

SHA512
f117981e67d17d2553ee33e0ec5099e03b55e3e8b87c751318abc44c56a18cdee6e6a80e1e6b70404c49dbf2601a916df8479cd393ae3bd2087182556b9a041d

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\MigrationService\msm.dll

Filesize
191KB

MD5
3109afa3173ddc16f9b08043e1db0ab9

SHA1
6076352e45786e341c5598e1bceb82bc98c7ea9f

SHA256
59ba38d1dfb82affc6ab8c797c9d75c18ca03fd6cee76a8ed542dbbfeef70060

SHA512
cfd59fef4344091179e772128105548e1ef0e67084105d4fe492eeb16b090f9a80cf18cfce626be125e3b00104079d21739451a8b97bade37d2f24af81bf766f

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\b2.wsdl

Filesize
1KB

MD5
565a3f668db9df5c72ed6f35917d145b

SHA1
851951634b87fd7f861cd2d6159a5f574e5e34aa

SHA256
313bf30f16f3338e1448a341ed691fea378ae551bce433b9801f4125cece14f5

SHA512
77b2d5c6f58c5f9a255e574f76aba8bb0d9f15851e90ee0bae1a82554b076502c1fa05eb3134f8475913faa9fed1a1a6cc83740ddd61fe560671054553317f11

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\PREV_Setup\Files\mc_enc_mpa.dll

Filesize
262KB

MD5
51f7f7019658c2d03321795aaee76794

SHA1
d72856af1cd0f95951c3b7fd335caf620eda5796

SHA256
e2c7640c1c3e6f47a42e31770db248bbe8f44974d34441fc36e8651bddabab3d

SHA512
26e5934820cd7df1dfe0ed2ae7a1002e60312855da1654459a7b7037a8e8de037934c360d05c1af2ac53e655c7fd1be45dc52adb486ce73a8907486b76d0457f

Download Submit
C:\Users\Admin\Downloads\D0wn⬖L0@d✹Fu11↺S3tυp_V3rs!0n (PASS_2025)\install new setup latest version~2025\ns.phpt

Filesize
391B

MD5
50ec300bf11c30b8cca353675d8ee589

SHA1
b90ea50b5ad08fc6482c3d15822997ff5b4c81bd

SHA256
25006c80fe10e35f65c7e328228cedc1e362b46bdfd57807f16d993331a06839

SHA512
012edb7f0377c47402485eed635bec3ac51f95187ff4aaad8b7b5264d7aaad10676eedf2f88d648a78223b4f097d52609dbf736130e3f6f56f0276f459960b5b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 691834.crdownload

Filesize
6.1MB

MD5
f6d520ae125f03056c4646c508218d16

SHA1
f65e63d14dd57eadb262deaa2b1a8a965a2a962c

SHA256
d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1

SHA512
d1ec3da141ce504993a0cbf8ea4b719ffa40a2be4941c18ffc64ec3f71435f7bddadda6032ec0ae6cada66226ee39a2012079ed318df389c7c6584ad3e1c334d

Download Submit
C:\Users\Admin\Downloads\svhost.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\Crashpad\settings.dat

Filesize
40B

MD5
6113474ba11d3b14c967ff21e495b93b

SHA1
6f155f8e04e3ffc852a9404fe1bb9d3ac2530279

SHA256
af1fb9a17f88ab66da0b3dbc0935ad48761ba0d9271a33a93a7998f0f9a5d0ad

SHA512
ed5ca8ee4efc2121d870627e01d6263ae96eae94f8aac947dd522596feb72925013ee51084e3db94ac00535fd9d0b719af7299bf72471d65401fa63697ac5eca

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
d47aa47dd363374c5d7addc38d1e03b5

SHA1
bda4e06c7f3b195d253ee8d16665a6e1afe0a83f

SHA256
4a01396127a1a003f9e2be30d4786cfcb9cf648ddf5ee534cd55fcc217febc38

SHA512
bd81eb6bfb6c18c2a380d25b8f55c9cd5666b2ed9a56fbfc0a82131fd4a8a959a20e1afc2c5f874a275a0ef52417b0301dd28296996a82599b2d59da7d5625fc

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
67c2efc9f0e38c878fef286ce52806ce

SHA1
961a5c1f74562fb9f4e8af0eacc14565fd8c1ac9

SHA256
fe706c1bfcd4411e062748921d1f59deed7c10c7a1cf99214efe4cffbdf81fc7

SHA512
ed91f5b286f53c3f848cc009166664939a15b495d4c88aa0c8e89f05d59caaaf1ef766ee7e8d80e198b6f08ec47798d1610558172291530d4e8ba2e0ef82a005

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
6c7fa67ea3995d3963f2bc6c5d574f64

SHA1
14a9cbedc8cbda51a3082217855db41d77b56924

SHA256
670be47854d9721c3296ba3ebcc45d6481cd433c1b6c5e36e5f58bbbbefc73ed

SHA512
0f9df36652a9630c1c252db45dd48f98a486aacd7a116359f7b61e61db1ab7099176200f5068b6ed5fe7302271d78494bcc213be446ced7eb296ac60bc0092ba

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdate.exe

Filesize
163KB

MD5
9b061d9863757b582737d5d2fdb77892

SHA1
895c336bf2f06c9c6bfc75991be5bbb552c5b171

SHA256
d873aa864f45e204e8a79163d3a856737614fe3b0b7d1d519790e2d20cd83638

SHA512
f1faa7f250ce8ad69cccb1ad23f2ed958f2df17e0762ba2b516d570d2e36dadf9c82dfb35b3ddbdf7e689854e1cbd2c1cd2e53dc660f482854f4f1e747de0707

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
baace943cb69990a6f196cc77383cde7

SHA1
5dd2fd6d0f1edd0f0d22261eb8133563015c760d

SHA256
89f6a8374de8b18885cd57dd145abd45d620969bf3c978b078901ff33d53e770

SHA512
ba624e1f5ef2804dc682257ed52d2d23cc16d3c29e1f86cd3ace7275249c2389c689c94ea047109d9c1bc629ca47ca7191da58891fc29da908da2d2251fabb57

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
154KB

MD5
188dd0f6a6da3c448f4d0a6ab6bf34e6

SHA1
f9a5b7549bc4f442e925a7f9c05d86d11a3ecb42

SHA256
f1b501856f97a5891c9eeacdf7dd8397db45401e1e98f06272f5f985155dd033

SHA512
244ed10f7bc680b8662f1af5f83f5e9dd6eb122812c5d97f83d973f914d9f42ca6102f64c23f3f783e48d88a02e6bf1f8175ab36e09fbc82e6222e078b5eed54

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
4c2d88ea04ab052af5216bfbacb8c0a1

SHA1
0f61fd87e6b7f2141bfe93e10faa145b425bb3a4

SHA256
06d5fd6ee925d306da651feffe0acab105bc3b3a71e7c9781037d2a75d52d96e

SHA512
3f85a94f4c11b340b1637c60af42ef3a672fe7cfce9e723e2f08e47916d403ed2141b835b8177b9ef0647691bb510750c2b4640b52246c9fd85accab6d056cbc

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdate.dll

Filesize
1.0MB

MD5
f1f0b4c0ab01d4306faeee365b0dd5fc

SHA1
5afa4b636bb9e29a70701ab109174158fc69d0a9

SHA256
74a01f68ab2ee3afe873d3a01b2ea3229ff859651d5f56eb3393138beb4fca76

SHA512
2520befd3a688898f2c3d28dd2f4fbdc288a2f9e373ca3acf34bda9ac0a310356e4c9a0b39b8ab6425dbde04094df57addcf5e1fdded4e4f224927ac20c9f56b

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_am.dll

Filesize
42KB

MD5
9337436cb47cc3c4a65ec6347c8ae3be

SHA1
24eb28146ef665ea566b4817e7065c8983ff4a10

SHA256
fc83411eb9dc48eaba41a293507f9f32e6f588eb4776c818a1b149f4b815ff90

SHA512
9929c901a63d23cbae90ab74d22c317ef8394edb794d1b0b034903ce6660fdd4d298c95abd70b474a6981aa632461d0f50812e950e0dfef0a15ea0902b8e1b1e

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
0c8ed611fe223dcb228941bc20c173f0

SHA1
5f442c8181c0c03ef172847383707fd85f7f3308

SHA256
34b85c20dc4386622d5d2c77f29b7ae01f344ce75f72f6fdcccb50ed5db218ae

SHA512
409bc4a8eff0508f06931706b1c5b3a476545d017c4d61455db99d557899f0165851680accf70deb8f4a058adf7ad5f63e26511f493772f0d243e45a0edfa722

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
9acdce73137f52ec65006f18a05afbbd

SHA1
74cff763ad2a83d112ec151d433f86b9525f1532

SHA256
7edbff478d8168fd76d1cfd65ef423969f468ea7b2eba09ca9bbc8ff21621c09

SHA512
8dcddadbac4b988ac553261a99d5500f736b43a58b21da5ca5ee2c19aa56ee4a2cc038abe603e112d0aacb4daf3265ae95619ac317c1e5503e71df42bcd752bb

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
fa770becdf39f3127d4d3e23c4ec8903

SHA1
8f3842ffcdeb40569e54af6eeec5463da70c8e88

SHA256
7a2d983d33dcf2c796f0a091e782198b08adb1872f45a6242e2e012ca7046580

SHA512
2eb9eef84ec4178ef42d05f3c5febbaa4ec1380fcecb8f18c24c9e17abd81fed923bba801a1ebdae19ead2b6284c05475df7354c4e1790afc801ee1cbe982989

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
708506cb89c91327efc1ec5d52530191

SHA1
db5f519cfa5d379fd399393ea637511d48111f43

SHA256
a347c24fc9b6b746752bdcf7ded1e3877aaf3a5b48bdcabaa235d4d20108324d

SHA512
5a9597478e98dab189e583816fb47ab191185cb9112518101d8e32ae7b743faaf34aafa8ecc5003078cfbdbe07fa1d9672ed6bc369c660eb75b95e7cc32c9a29

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
ffd601448eb927d1c941c568ea9baff4

SHA1
113d42f0d653190c20d87eb0459f5cf24fd15bb6

SHA256
48a310b5fbcb631ec549314ff9ac8502390aeae703ddaa68be47c05b7cd15685

SHA512
79a74c30d89505ca4607229d6416afa84ff3693dea0dba61117bb8e6aaa5047741658f9a4501ced33d89752be76c256736f2fac2ba4384558b04d462bbdd92b5

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_da.dll

Filesize
43KB

MD5
8dc7da70d0c82e75fc5bee390586fc88

SHA1
ac64e30fd888679bdc67c84dd44e10e45893a602

SHA256
f58543f3990cdd784a0ea682bad67c97ecdc964bc1ce7a9699e2c50d829999bb

SHA512
ca3c319bbef8631864d4feb249a3cb61a50edb73e19a42e3ff8df1908552f9642ca109d075e352d32b05de9029a3ddaa951d46e8191e10acb16169c5fa640b4f

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_de.dll

Filesize
45KB

MD5
a249bcef5174c610e8e3d239733a5b13

SHA1
fd0e36c6f9634237d13b7935492f9e6a4181b644

SHA256
771832ae884969b6fc35b265899225618d220e0323ebd1f0b543419594348326

SHA512
4dc93f574a394be1e02e2afd07876e94509567d28156ad2b8c2063dd2a7547abcf55ddacaa32a6f0ae73e5e28ea924e3ee27389bab8e8273d8cc330a7634b3a4

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_el.dll

Filesize
44KB

MD5
5cb19b6edc93f4a2e0e1d83154bddd9a

SHA1
58886951b5c2ba0ec2a0c236c5c554ab0c0fc8e3

SHA256
ff4033b8a67d09210d10e4c877b7a6c91283d86c3fb6cddac58198ebb9c19a0f

SHA512
154e2783cbaaecd40044787d1c183b7201e19dbfa730a4983c98826b702516bcc7d0c9a29c82bdbe2c39c567e3dec44cdd0067fa78c894e2126f2a455df302de

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
f981122f12267ee4c73cb0da214be0fb

SHA1
1b0585e2bc0d799fb6012f9e7970937a3530a047

SHA256
dd5ec23521eec4a7cf0e8e0b8b62c58b94fedd12edeb1bfbcabbb831df161b10

SHA512
cc68370957ca4b123003fe59e7aee8281d53ac0648d893a18962383307e18d13d88a2f206d8dc50807c566cae2ce49d4c92e02564569b691cdb6445c3bd0c3ce

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_en.dll

Filesize
42KB

MD5
de5d5c2d3a7f3d50000d893084515535

SHA1
624a1ec63cfb43f6b6e5f65792f8ca4933d0748b

SHA256
b8f02651ae7a76a859e9474f03b4772ddc5b50ac4c7a607f923644376607e40d

SHA512
af454c047f5ab67c0f143aa25461413b35f9731284d911bef5e260f5586122e36386bc5847d8cac872a71dd237d262a9b9ca3a512aad89594ae7052f10cdc75d

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
9dff25472fa1fbcb5748d1a75e602dc4

SHA1
a4e2e2b2c4fddd505f3621f0291d79b088c5d817

SHA256
101849ed8df0a03bd2a6e9319bc1926f0ce2e6a78cae48c0e3c5e2e223b3ab3f

SHA512
606aae288ee72226949610cf8fbd37fb605e5240739628fc1ee05f3c1074511611fa7f4b2b32d2889a06f50a4846e9ebf03ff31899cc5a996006bcf6ee86df97

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_es.dll

Filesize
45KB

MD5
18c54ba5c8305fad9dc54403520025fc

SHA1
cdc032048d6d683aa0f7dbcdc87131deb91008de

SHA256
43e0b8dd75b68dea94e61bed162b8b927b57d21993a3d0003dbc65325e98665b

SHA512
c843518a5d60f5dc9b27c5ae3463f0be2fbe8a856c30fb7b9964d790defeb939c7a77529765c98416ca95870f60752b006d4a863906d2b0b4924578da235feda

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_et.dll

Filesize
42KB

MD5
39b6642bb609383444d77098d5d59b75

SHA1
39dc2deb942633335f7235878c85948b772aa69d

SHA256
5533ef7de215bbd001e5981c5b7277c6fd8601f46c5f168f149e49013424aaf7

SHA512
db66e5cd5e0f00ec387dd268fdc3a4f35f393a22db4da88980c5fd567a83181fbe6cfcde435ca94698219610033ae26d57283b661c8111486acbe0cd94a38e22

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
757e330d74b8bbca365256be7479e87f

SHA1
a64d3ac7b644316896c763dbc4eadc54865a1c9c

SHA256
a8e65af1f52aed81c56ed80ad2ce9193e51eb87070565516a596f7dc4343cff4

SHA512
fc3f33bddbf92f2869289350d2da0c6980298fcbbfdbf51aed8c6041d472bb4c0aeb0b06b89756c6ffefec08152a1942cb430eebca36a65dad0ea398e7e4ec8d

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
ed87783b5dc55a79614b5d74063212de

SHA1
474d4584cbd52ccdd4122f78f2c368cadea3bf57

SHA256
771f125d60ae0208ddc0371c402dab9ce41d5e9392f89a5d2b41338263b26132

SHA512
b9fb4dafac7d0ec67960951ff705a06c457dfd5bbf2226114ec7da208e2df9f32cbba55947a84369a18042a07d02e578aec12be7e4bb67130c2147412f8a8a04

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
b0d3f09c96288e9907f0182614281577

SHA1
8259f3c48167524a0d6452e17e8ead77cb95db60

SHA256
1f502936b870b0b3f499e298ebd422d73e7b616f33ffc1105acf3e0bc6e4646f

SHA512
f01135f84602d090c6c95a03d51a93dbfe2010a757cac1023577b78dc604aa84a912e222e1bd5daad49cf1a669c7afac498055f50479f12576e471fd990be43c

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
e1d7551ed9c0aea99775cb75ec32546d

SHA1
2d43f567494bcfa06be60925c4e5611b9dbf9dcd

SHA256
a6f4ea29f72f1bcea8ecf7f36cb051d79031fe93f861a04a5b742fccb23cbdf5

SHA512
591ac29366b0aa3acab50e9ca5ecfe804d242307054c2b1d46494a463448bb23896e50b1c8a30cf3683a01d7b98e076bb6da1c645b11dbc2b03f18d8f642e86b

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
4c38b121c2a3cac6ac5d3bbfd1b6b64a

SHA1
6274e5ea47631ad29a084a101926a49d51cd5bed

SHA256
d09ce2947ef14fffe6afc9e82f13accde827c2d1b2032b8f2e10ca112ab4fb30

SHA512
63451b42eb1546b4f5b67d84c3163debd9e492d62d92d33b94e9fe5a82cf5ef1776bce35a2db0a4bf4b8225a643bb3695ae57c522af9482c90d50deba4c65ca9

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
7f8942c5d72651c18429e64f37f2d120

SHA1
78815edb931636879050925bde13c9476a5d9bd5

SHA256
5322517f31afdb0ddcb945fce8b6f7d40ff8c55e2efa863928d3dbcde2b779f9

SHA512
7fdd4af70d3e2bbf74f91b0229e05b1ec5924a0b5d6ef6fec4a3316c07ccb96f08892c7729391f7f739ee62a92689064d2077d963379b239c3a97695934e7176

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
ccd62eccf313a8949c95ecbb4884715a

SHA1
e0ce8b771b63f34d986d42c439500ee711034c2f

SHA256
9b0280711f75fcc33d5576884e09f098d5de8becea768bbfeb5d8b8378d801a0

SHA512
1bc841a3bcde80563e523d060926081028e8286131adc20ce26e99bea51788cad3a69fdd460d6031f91a2540336d77ac6d086617f2f3f233a6e235ca294a2f67

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
3ca2425fef9dc20c9333c32541a3c2fb

SHA1
e809cf18a945f9bef6339580aee99d2aff91ad5d

SHA256
38824296715f19ee514fd2ef0da05cc9bb666afa418f42449f3fde5c75ae7f5e

SHA512
259d5e3b634196430fb6ea85eb13c16a7059769526952279856d411564f949bd9da251700e3e3775216b01c550f87caa445518c5540b70400be6a92484e46e6f

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_id.dll

Filesize
42KB

MD5
eb850ffd8590d3ade2b35739b57f08aa

SHA1
ddce0ba1debab90b48cc591dd4c6a581a7a0992a

SHA256
b13c02b982ae23737550455a87f3ff526fe8d11ff6b83ec113d3307fba7e1370

SHA512
762c4e10a33d8e16b9c410968fc1862edbaeec38f7b2b7c4aba8a30d0bcad8892397150c46c0c708d98919ea1a5cb8bc115293e77285c41be984d16f23656716

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_is.dll

Filesize
42KB

MD5
865354246cfe9a96192629ed4795f14e

SHA1
2f2917f864594fe993530b6afefc66e7d4152a0f

SHA256
c5d50c45a6822ce7b4ad6d70f2f7097f948e19d73e6ee25e4d215c18f0a209df

SHA512
d9338ba3cfbda11b8b9521bd7fea895680f73c2af63c2ecd238fe7d4e92350798f5ec63b57380844725e3ab37728a067d545a56a6bd39a90f834bb81a340df43

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_it.dll

Filesize
44KB

MD5
d2f74723be77126402e4b94ebf1c43a8

SHA1
271dafde69aa2d0bdb1cc4c083365b855d4def44

SHA256
426cfc62c1ac2d2a6fcb69552ba556cae3f2254102439ad4b3fb5084ed26eeac

SHA512
9ed29f523a601d95b85979cfb72353eb256c78628067c4a67972d63d41fc117257198095cd74b09c925c7a41afdf2f84b54b6fbaf3b4b65e4113c2b4603e5aca

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
8d0b189d979db1f7f80cecd6b270b956

SHA1
51caee1f1be6b05ab995b2cc629a0ca71b06fec6

SHA256
1ac354db7f5f33c34fcfb60d6099340408d26c0c2cf7e5beaa36a5d5bb16f9db

SHA512
b044d2e5097f75af0206efeec86c4130c3aee02983202085c5f1fddfb7e41ff633532d1bc3fb8a5ff4f4ea48b94bdf70145b0f6dfb2580669e0eae4c6694dfa9

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
ac596e6de1097abf4de6b7499e25d9b3

SHA1
c80ecfd4a8116036652ebf522d3db8803ea00d09

SHA256
7e0a9650b7c505f727693c5d426e6781b6b3656800371e7e3c88c2efa5ecb7dd

SHA512
339a9224aaaab5be3ffa3f308ee089aba0c94dee0f1b74af00ac9865dbdc349fc54791e6748d8e381a708fe5faa7e14513efe58dae430836507b51da18cc29ba

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
da4b6da2070b33be690fb994353af54d

SHA1
0bcbb9aab8ac7a4e730021d3aef4a4d2ed93e74d

SHA256
694faf1f682abf98da656886199c218406b5adda154a8e00e16a523ce2c4ac26

SHA512
5fe7f48ffad1f31792107acc75899b905338471033016b976c3cf90576d4e15914cf910f981f42736a25a1bb5fa4dc0f78f3bd3a1f69689c296b8da0917230ad

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
6b9b975e7ab7150fa2434abf9e0e48e5

SHA1
48a9ca2315511d70e719e6c97f11e1fafc2747c8

SHA256
8f9f917cf0de530c930391f2a8e60f0a61485cbfe073a79cc0dece06c01c3742

SHA512
4a923a4e761b192ddb295418317466fcc2d325b5321dad7f4e07147f1cc6fc91301ec2a78f0730b7cf1b40942f7151e1cce0bc80b3d91a4e520421c27df68990

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
7f037d23a01d3ad1c5a5d79e9a34bdc6

SHA1
cf9e916a1f65b2856bdf619c0c5e7485d46062f9

SHA256
8a3594ece84a8a17805a63f65b1a4c57177aa0371bc34226d6f7e772cdd4ffac

SHA512
5ce45369ba47114290c8eb7a6376da01bcd06f211f2c3bc013128a4b1df0106c9e57cf79bf3bb315aded739e59ab261e61ebe70b3575a8ac86c86be398636c79

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
1c8300f20bc188fee606190ce8626f51

SHA1
38fe19394fe21138c53b11bfbb6259b092f18662

SHA256
7742021307d97b97c3705c69708fa5468a743cfbcee20d69dc06ccea5a60a023

SHA512
2f4e4b01f8374fc60296d872223e32c52ab2a65303042ed5368f09533fab1b4d6b7c7990b14503593547d02bdff031c72fb29c60075e1bd22c96bee5512389f8

Download Submit
C:\Windows\SystemTemp\GUM32E3.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
c63bd5e95a52f4a404b338fb6ff4565f

SHA1
82dfbc53e4cac7b0078536beeca22d1b8b98d0eb

SHA256
2c8da333986bc28862479457f9c04f7108bcee42e0e6e07071f7ff8e4bf52d73

SHA512
b3314094968a2f256bf309d5c5de34525ce8368d4f483caafac46d1d6c3741bcb8c23bae04959a08264309cd227999ec65e9eb56d6297504d32dc89fbf8d01b4

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1156220353\manifest.json

Filesize
564B

MD5
2efa37b5105fbed3014a7be8963dc2ed

SHA1
a03fd940871c3a99836f8f1c3bb2edb5e5a32339

SHA256
9961547296bbc34112d1c852fb61ada201f87230e56848c17af3df54ef8921b2

SHA512
9b0b86e7c110b5d076d67eca5848e1847a8f04de3feb4a4c71e1d00724fad701b0b0cc3f7dba7450ab3392da4ea5e2353ac9f263b81a5a186b694b5a162db69b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1219106607\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1227825730\manifest.json

Filesize
585B

MD5
469870433fb38198b865952f35dd94bc

SHA1
209fa4cb39d3d75c84196c92ca6de021f3b5d675

SHA256
13307373b35b26ffc2d210cd000b580027b6fd80add0ee9198701a63feaf5f73

SHA512
3b0ea828321c83569f404bd78a1d06961112995f55b2b5ce094000fb8c72c33c08d15b132ee9faa597c650936360598520bc7aba945ad97dac717b5b4a891697

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1339284201\manifest.json

Filesize
111B

MD5
fecba6c3128a97f09a1173779924be7c

SHA1
41645675ff089fc6059bbe1ed4b049502241e7fa

SHA256
7ef57c6645a8d144047d276b5d41b153c4dc63cf3627c32db018ae64b4e6d92b

SHA512
c1193abe0bb4a9359e8e73332475995bd042149f62a67e67d37549993c7130589db809c53657abb7a0f9c518f975f270debeaf7fa70327a81b8bbee233035aad

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1367856819\manifest.json

Filesize
595B

MD5
02cc7e44b2fcab7d7aa8d0d7f7b1a50e

SHA1
d6d7b30f4d68134797e4bcbfa0006bdf18d15bae

SHA256
e3652ef484a60b9ab213d4dbf462337acbc1cd63a4cf958bf06dfb574ecb5c8a

SHA512
760c37eec18199eca62e79d476f3059138643ce8798bd09f1e85e01a179da7792c0ea6dd35dfcb9431481ad9a44e7d3cc7e9c1bf0f2bf4c7474015ebfbe3d90a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1632752555\manifest.json

Filesize
108B

MD5
00c23f7e5914dc4afdae706c3cade0af

SHA1
ab6e8c2b6548c614e751d216e61d1e251427fba6

SHA256
8030554f27011c520272091d68489cf27952fde68a4d891d13d4020672c3e846

SHA512
34864079ddaa7b05cdd8a32ba8cf9d88166ec2d43e91cd47864ce58453b5de4fa761c58186c98c10ef42f622bb3d607803989b621c524f418b727ba48c743ebf

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1800160688\manifest.json

Filesize
578B

MD5
358135febcb0bb327fd388e5f3d9d00e

SHA1
7b677a4d455d385f27d23a8ce8b7460bece86e76

SHA256
6e3612d0afe3d7565b9725cfd77234c735e3a4e194aa15729abaffb89d4de526

SHA512
6f5a085568737c3d04f527954497e1f47bb054e96e97067359c566ab2d8df26050883ca93b8ba0929ca750f5fe7f30b2095047b40e872cf12e61ec82b9393b9e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_1937206809\manifest.json

Filesize
72B

MD5
9a5a99da362e84f6bc53460440088105

SHA1
3f423954c63ec8e57c00dfac30b15059f96ba7c0

SHA256
83944ef33ffcbeb4895d21cdb0b65b0712763d7953d6689a659441f378ead1eb

SHA512
d69bc1ae132dec4b28046f66845f572ff552e8c650c08d6dcfdfd8d71ba04904e7771b959cecfa145909cdabeaaee4102ceaf7eeae71f59954b03a07a47585c0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_2014646955\manifest.json

Filesize
73B

MD5
4e2c486e40c8c285e56e18db93fce26b

SHA1
fc41930c5bd2d982cbf050721d24ec7c2d7483d0

SHA256
ee555a7dc814d28b33f125ef3517fa706dfe089ad20fe7167c6e16a6767a9319

SHA512
9e8c9d9ea841a9468b3e7564766891516dd3d722f4cace76a00f747c45e8f212c6419e544a452c6682800af6169ae6d842e26f64f5f3bb955b623ae61972f74f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_245184931\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_314225070\manifest.json

Filesize
76B

MD5
c08a4e8fe2334119d49ca6967c23850f

SHA1
13c566b819d8e087246c80919e938ef2828b5dc4

SHA256
5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0

SHA512
506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_360855615\manifest.json

Filesize
108B

MD5
312e4f3903c4c44432bba32d05890b50

SHA1
1c43d85b5119f09224f7def6054fcb141c08a4ab

SHA256
44ba2dcd8dcdc22358d9e178a17ea739b2712565b088bba7f665370afdf7dbbb

SHA512
6840d317d2af8c1f0da8f1c448a276228c1b3250c5216c03316b78c26e0703cbcd335b3f11d499e12800328e40f4eafb238552cbc4e038cb8c1ea89142f9a304

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_363708411\manifest.json

Filesize
95B

MD5
6e6268da4dc1867eec6090fb9d3e750d

SHA1
8df52dbd5ef5eaacbd4d28dae13a4df80e10db54

SHA256
eb281df03e17dce0ca789d8d95ebb09bdb7ecdf637dda2b1798ca5bc515be965

SHA512
f7271eef9334d2c349e9cba4298f7c2e3ff14a9d167c470648b601381e728514232e2dcad8cab3dedcd3af5f70ed0a1c8730f2d07be070b7c49fc46827dd3069

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_43434523\manifest.json

Filesize
558B

MD5
f2ea88c3713fadc1cb2f57ffc5f763e5

SHA1
203adbd539223c4ea2c2f0a549dd198d46bda233

SHA256
3ecf70ef4593b2d7ff9955f6f62f656b1a3957b743972f1b615c91ad8b4acd62

SHA512
32b8508cdb2b650abf06c6e1507769cca8cbaa99bc654d6ad528872aa1606bb66773142029f78353798c1ea73a4e2ade7c76582340b85206cda0a3de857dc212

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_499896742\manifest.json

Filesize
592B

MD5
9175b1542d539d365405c604d9867572

SHA1
5448bf47b24548dd09f9f75023a6ebd2f2d7a5c3

SHA256
23d44268eb0a574c705d81c6c3ea8241a2a7c9f785f465e5ec8c8f2df40282e8

SHA512
bc6e0278504494f37b9affc33e0d6f16432056f7839e431c2019c38d400e58cb5ea76f7c92fd436367878e4a664129b96901cf7d71d959654b62d135f98f3527

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_875235874\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2272_979277545\manifest.json

Filesize
546B

MD5
253fc8bf24d3e9d3b2ece2bc767e0927

SHA1
dd90f80003181098ed80873a6f5126c89c867306

SHA256
d9a45f8a6615cb9f55fda6d650cad8b204af0561660f4dbffb9994845541d62e

SHA512
5329377ba53b339c172de16e3ba48ebc9d18eea389aa9550f93d238dbfba8890fd1a7c9affe3b67db0be2fc0f9ef87dffb70200e85da37a5f8c9bf02dcdc6621

Download Submit
memory/576-7128-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/576-7202-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/796-7199-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2688-6841-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6838-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6840-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6839-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6843-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6834-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6842-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6836-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/2688-6835-0x00000157EBC40000-0x00000157EBC41000-memory.dmp

Filesize
4KB

Download
memory/3172-5765-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5766-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5770-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5769-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5771-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5767-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5773-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5774-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3172-5772-0x000001E9A6020000-0x000001E9A6021000-memory.dmp

Filesize
4KB

Download
memory/3444-6868-0x00000215F5830000-0x00000215F5876000-memory.dmp

Filesize
280KB

Download
memory/3444-6859-0x00000215F5740000-0x00000215F5762000-memory.dmp

Filesize
136KB

Download
memory/3920-66-0x000001E0FF310000-0x000001E0FF330000-memory.dmp

Filesize
128KB

Download
memory/5504-7198-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/5504-7200-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/5644-3692-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3690-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3689-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3691-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3688-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3683-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3682-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3684-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3693-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5644-3694-0x0000019B57C80000-0x0000019B57C81000-memory.dmp

Filesize
4KB

Download
memory/5916-5047-0x0000000000D40000-0x0000000000D92000-memory.dmp

Filesize
328KB

Download