Analysis
- max time kernel: 148s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20240611-es
- resource tags: arch:x64, arch:x86, image:win7-20240611-es, locale:es-es, os:windows7-x64, system, windows
- submitted: 13/06/2024, 04:38
Static task: static1
Behavioral task: behavioral1
- Sample: BraveBrowserSetup-BRV010.exe
- Resource: win7-20240611-es
Behavioral task: behavioral2
- Sample: BraveBrowserSetup-BRV010.exe
- Resource: win10v2004-20240508-es
General
- Target: BraveBrowserSetup-BRV010.exe
- Size: 1.2MB
- MD5: f7284dacd9314c4b9aca730b0dd12278
- SHA1: 3c772f75ca632813eee80ba14e71447b9523ba52
- SHA256: b50d5ffaafa1f3367773029b0bfc39915cf83cef76fe01145272d6b6861073f8
- SHA512: b539a1aa9244eb4b70dd2ca7075a0e200ba5f5ad8f284c17ea0e3bd893bdf3852e5d0bd13f2a4f2b311baafd370e950d8ab8217971b5451c34015ecdcddf88b7
- SSDEEP: 24576:9/dr/0tdOs2tkQlnvyxdWYY07Wl7vnzGz4ySNDO/fs0izOPZdLQw7KrUUu6reO2:Dr/SdOdNvklYTzGzZzEJaP85u6qr
Malware Config
Signatures
Sets file execution options in registry 2 TTPs 2 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe BraveUpdate.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" BraveUpdate.exe
Drops file in Program Files directory 64 IoCs
Executes dropped EXE 15 IoCs
Loads dropped DLL 47 IoCs
Registers COM server for autorun 1 TTPs 34 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Modifies registry class 64 IoCs
-
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 BraveUpdate.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob BraveUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A BraveUpdate.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob BraveUpdate.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
Suspicious use of AdjustPrivilegeToken 14 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"2⤵
- Sets file execution options in registry
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2656 -
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1248
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1520 -
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2108
-
-
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1324
-
-
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1904
-
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping 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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyOTAyIi8-PC9hcHA-PC9yZXF1ZXN0Pg3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:1212
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{7A9467F8-759C-44E9-B9D4-8B915327593B}"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:848
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /unregserver3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1852 -
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1720
-
-
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3068
-
-
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe" /unregister4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2400
-
-
-
C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Temp\GUM7F9C.tmp\BraveUpdate.exe" /unregsvc3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3016
-
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3032 -
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins3QTk0NjdGOC03NTlDLTQ0RTktQjlENC04QjkxNTMyNzU5M0J9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QzZDRTAzQTUtMzAxQS00Q0FGLUI4QjktNEMwQjU5REUyREJFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzIxOTQ0NyIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5IiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzcxMiIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1884
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2756
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0xc41⤵
- Suspicious use of AdjustPrivilegeToken
PID:868
Network
MITRE ATT&CK Enterprise v15
Downloads