hxxps://thepiratebay[.]org/search[.]php?q=Revo+uninstaller&all=on&search=Pirate+Search&page=0&orderby=

Analysis

max time kernel
502s
max time network
504s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://thepiratebay.org/search.php?q=Revo+uninstaller&all=on&search=Pirate+Search&page=0&orderby=

Score

8^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\126.1.67.123\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	BraveUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	brave.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 61 IoCs

pid	Process
2100	BraveBrowserSetup-BRV002.exe
396	BraveUpdate.exe
5280	BraveUpdate.exe
5332	BraveUpdate.exe
5364	BraveUpdateComRegisterShell64.exe
5400	BraveUpdateComRegisterShell64.exe
5424	BraveUpdateComRegisterShell64.exe
5444	BraveUpdate.exe
5516	BraveUpdate.exe
5564	BraveUpdate.exe
5940	brave_installer-x64.exe
5996	setup.exe
6020	setup.exe
3736	setup.exe
3312	setup.exe
2660	BraveUpdate.exe
4700	brave.exe
4500	brave.exe
2352	brave.exe
5420	brave.exe
5216	brave.exe
5860	brave.exe
528	brave.exe
4708	brave.exe
5464	brave.exe
6104	brave.exe
1364	chrmstp.exe
5072	chrmstp.exe
1436	chrmstp.exe
4712	chrmstp.exe
2660	brave.exe
2320	brave.exe
2672	brave.exe
5148	brave.exe
6748	brave.exe
6772	brave.exe
7208	brave.exe
7432	brave.exe
7596	brave.exe
7620	brave.exe
7868	brave.exe
6156	brave.exe
6160	brave.exe
6780	brave.exe
7548	brave.exe
7516	brave.exe
7056	brave.exe
1344	brave.exe
6384	brave.exe
3020	brave.exe
7520	brave.exe
6780	brave.exe
8100	brave.exe
6100	brave.exe
4564	brave.exe
6328	brave.exe
6556	brave.exe
6032	brave.exe
6320	brave.exe
6284	brave.exe
7956	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
396	BraveUpdate.exe
5280	BraveUpdate.exe
5332	BraveUpdate.exe
5364	BraveUpdateComRegisterShell64.exe
5332	BraveUpdate.exe
5400	BraveUpdateComRegisterShell64.exe
5332	BraveUpdate.exe
5424	BraveUpdateComRegisterShell64.exe
5332	BraveUpdate.exe
5444	BraveUpdate.exe
5516	BraveUpdate.exe
5564	BraveUpdate.exe
5564	BraveUpdate.exe
5516	BraveUpdate.exe
2660	BraveUpdate.exe
4700	brave.exe
4500	brave.exe
4700	brave.exe
2352	brave.exe
5420	brave.exe
2352	brave.exe
5420	brave.exe
5216	brave.exe
5216	brave.exe
2352	brave.exe
2352	brave.exe
2352	brave.exe
2352	brave.exe
2352	brave.exe
2352	brave.exe
5860	brave.exe
528	brave.exe
4708	brave.exe
5464	brave.exe
5464	brave.exe
528	brave.exe
4708	brave.exe
5860	brave.exe
6104	brave.exe
6104	brave.exe
2660	brave.exe
2672	brave.exe
2660	brave.exe
2672	brave.exe
2320	brave.exe
2320	brave.exe
5148	brave.exe
5148	brave.exe
6748	brave.exe
6772	brave.exe
6748	brave.exe
6772	brave.exe
7208	brave.exe
7208	brave.exe
7432	brave.exe
7432	brave.exe
7596	brave.exe
7620	brave.exe
7596	brave.exe
7620	brave.exe
7868	brave.exe
7868	brave.exe
6156	brave.exe
6160	brave.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\ml\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\VisualElements\Logo.png	setup.exe
File created	C:\Program Files\chrome_url_fetcher_4700_1103006265\ggkkehgbnfjpeggfpleeakpidbkibbmn_2023.11.29.1201_all_acqy67ncydhwie54b6ghdtndubgq.crx3	brave.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\Locales\fr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\fa\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_uk.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\chrome.dll.sig	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-hy.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_sl.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_tr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1477465177\aleks-eva-1.jpg	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_356446036\_metadata\verified_contents.json	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-pa.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ja.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\es\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\bn\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\cs\messages.json	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_236753502\LICENSE	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_bn.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_gu.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe	brave_installer-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-es.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_ta.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\brave_resources.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_669777327\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1477465177\nabil-george.jpg	brave.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\Locales\sr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\tr\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\vi\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_uk.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\Locales\hi.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_it.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\eventlog_provider.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\Locales\lv.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\Locales\ro.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_348505340\manifest.fingerprint	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdateComRegisterShellArm64.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\bg\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\fi\messages.json	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_669777327\1\scripts\brave_rewards\publisher\vimeo\vimeoAutoContribution.bundle.js	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandlerArm64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\Locales\cs.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\ko\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_lt.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_hu.dll	BraveUpdate.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-gu.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_kn.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_pt-BR.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\dxil.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\ru\messages.json	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-nn.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ms.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_fi.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psmachine_arm64.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\chrome_elf.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\Locales\lt.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source5996_1808339140\Chrome-bin\126.1.67.123\resources\brave_extension\_locales\id\messages.json	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-kn.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\goopdateres_sl.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\psuser_arm64.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveCrashHandlerArm64.exe	BraveBrowserSetup-BRV002.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654790330626930"	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32\ = "{2DBD1A66-A7EB-4A31-BF87-09E7FC12850D}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\BraveUpdateBroker.exe\""	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2DBD1A66-A7EB-4A31-BF87-09E7FC12850D}\ = "PSFactoryBuffer"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\ProgID\ = "BraveSoftwareUpdate.CoCreateAsync.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback.1.0\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\1.0\0\win64\ = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\126.1.67.123\\elevation_service.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ = "IJobObserver"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ = "IAppVersion"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4576ED7B-F35C-415A-905F-AD43D0A7BC46}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine.dll"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine\CurVer\ = "BraveSoftwareUpdate.PolicyStatusMachine.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods\ = "4"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback\CurVer\ = "BraveSoftwareUpdate.PolicyStatusMachineFallback.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\VersionIndependentProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassMachine"	BraveUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation\IconReference = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\goopdate.dll,-1004"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods\ = "24"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods\ = "9"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\BraveFile	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassSvc\CurVer	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ = "IGoogleUpdate3"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync\ = "CoCreateAsync"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ProgID\ = "BraveSoftwareUpdate.CoreClass.1"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\ServiceParameters = "/comsvc"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\AppID = "{08F15E98-0442-45D3-82F1-F67495CC51EB}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass.1\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32\ = "{2DBD1A66-A7EB-4A31-BF87-09E7FC12850D}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4576ED7B-F35C-415A-905F-AD43D0A7BC46}\InprocHandler32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.149\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32\ = "{2DBD1A66-A7EB-4A31-BF87-09E7FC12850D}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\Application\ApplicationDescription = "Access the Internet"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ = "Google Update Core Class"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods\ = "41"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\ = "Google Update Legacy On Demand"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\ = "IGoogleUpdateCore"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	firefox.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
5516	BraveUpdate.exe
5516	BraveUpdate.exe
5516	BraveUpdate.exe
5516	BraveUpdate.exe
2660	BraveUpdate.exe
2660	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
396	BraveUpdate.exe
4700	brave.exe
4700	brave.exe
7956	brave.exe
7956	brave.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6284	brave.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeDebugPrivilege	396	BraveUpdate.exe
Token: SeDebugPrivilege	396	BraveUpdate.exe
Token: SeDebugPrivilege	396	BraveUpdate.exe
Token: SeDebugPrivilege	396	BraveUpdate.exe
Token: 33	5940	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	5940	brave_installer-x64.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	3736	setup.exe
Token: SeDebugPrivilege	5996	setup.exe
Token: SeDebugPrivilege	5996	setup.exe
Token: SeDebugPrivilege	5516	BraveUpdate.exe
Token: SeDebugPrivilege	5516	BraveUpdate.exe
Token: SeDebugPrivilege	2660	BraveUpdate.exe
Token: SeDebugPrivilege	396	BraveUpdate.exe
Token: SeDebugPrivilege	2356	firefox.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe
Token: SeCreatePagefilePrivilege	4700	brave.exe
Token: SeShutdownPrivilege	4700	brave.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
1436	chrmstp.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe
4700	brave.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
2356	firefox.exe
6100	brave.exe
6284	brave.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2428 wrote to memory of 2356	2428	firefox.exe	83
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 3816	2356	firefox.exe	84
PID 2356 wrote to memory of 4924	2356	firefox.exe	85
PID 2356 wrote to memory of 4924	2356	firefox.exe	85
PID 2356 wrote to memory of 4924	2356	firefox.exe	85
PID 2356 wrote to memory of 4924	2356	firefox.exe	85
PID 2356 wrote to memory of 4924	2356	firefox.exe	85
PID 2356 wrote to memory of 4924	2356	firefox.exe	85
PID 2356 wrote to memory of 4924	2356	firefox.exe	85
PID 2356 wrote to memory of 4924	2356	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://thepiratebay.org/search.php?q=Revo+uninstaller&all=on&search=Pirate+Search&page=0&orderby="
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://thepiratebay.org/search.php?q=Revo+uninstaller&all=on&search=Pirate+Search&page=0&orderby=
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffc1c264-7134-44ea-b1ae-fa3d644a62bb} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" gpu
    3⤵
    PID:3816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {565eec7a-6ee7-4fd5-8208-0edbe48c0938} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" socket
    3⤵
    PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3004 -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3020 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bacd636-8feb-41a5-babd-576489650de6} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:4268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4060 -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cda94d8-1a6b-48ec-b519-df2de29f589f} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:4224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4812 -prefMapHandle 4804 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67275bf-3316-4f0e-8356-f07e2c22e00e} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" utility
    3⤵
    - Checks processor information in registry
    PID:2992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5212 -childID 3 -isForBrowser -prefsHandle 5204 -prefMapHandle 5172 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9adddea5-e6bd-4c33-a8db-f1bdd21ba153} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 4 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {892ef24e-1a67-4334-8eb7-1b13a373d69c} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:1504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ed2fe67-69c3-44b8-bdb3-6bf8786852d1} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6116 -childID 6 -isForBrowser -prefsHandle 6724 -prefMapHandle 6720 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54ed0bf-caa5-443d-b51c-d31f4cf1fee4} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6504 -childID 7 -isForBrowser -prefsHandle 6616 -prefMapHandle 6656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {680df4a9-062a-4768-88e6-9648ae112c5f} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6180 -childID 8 -isForBrowser -prefsHandle 6620 -prefMapHandle 6808 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a75c9d9-50be-4398-a035-a91390226593} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:3068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 9 -isForBrowser -prefsHandle 6096 -prefMapHandle 5612 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2935f92-4488-42a6-a08e-a0545c7bb88d} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:3252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7016 -childID 10 -isForBrowser -prefsHandle 3036 -prefMapHandle 2972 -prefsLen 33958 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {077f06e2-d554-4e19-91f9-31d4076c8088} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 11 -isForBrowser -prefsHandle 3600 -prefMapHandle 5968 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe81e103-86db-4fe7-8a02-796fcab07358} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3600 -childID 12 -isForBrowser -prefsHandle 5136 -prefMapHandle 4660 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c1e2043-ee22-46a9-b50d-003ac09c4ea3} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3600 -childID 13 -isForBrowser -prefsHandle 5824 -prefMapHandle 6612 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40ab8deb-5ff6-4f6a-8f3b-0325059447f8} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:3756
- - C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe
    "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - NTFS ADS
    PID:2100
  - - C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:396
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5280
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5332
      - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5364
      - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5400
      - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5424
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4MkFBODk0MS1GOTc0LTQ0QTMtQkM2OS1DOTRBRTQzQjlCRUV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7NEIxRTgxNEYtQTBBQy00QUU3LTkxQTktOTQ0QjBCMjBDNEY2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE0OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI1NjYiLz48L2FwcD48L3JlcXVlc3Q-
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5444
    - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{82AA8941-F974-44A3-BC69-C94AE43B9BEE}"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8104 -childID 14 -isForBrowser -prefsHandle 8100 -prefMapHandle 8096 -prefsLen 31072 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1532ae13-ff77-466a-b7fa-920f356998f9} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8352 -childID 15 -isForBrowser -prefsHandle 8344 -prefMapHandle 8340 -prefsLen 31072 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c656e4e-b820-479b-abee-ba150e6add55} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6652 -childID 16 -isForBrowser -prefsHandle 6584 -prefMapHandle 6088 -prefsLen 31072 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c8eb72-daf3-4f7b-8d07-cb0423f015ce} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:5136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8680 -childID 17 -isForBrowser -prefsHandle 6584 -prefMapHandle 8660 -prefsLen 31072 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb4c9cb7-9bc1-4f91-b298-322ee288a4ff} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:5444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 18 -isForBrowser -prefsHandle 7012 -prefMapHandle 7004 -prefsLen 31072 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2831167b-0240-4e17-ab8a-e7b1adcafdfa} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
    3⤵
    PID:4324

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5564
- C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\gui655B.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:5940
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\gui655B.tmp" --brave-referral-code="BRV002"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:5996
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=126.1.67.123 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff6dd9fdfd0,0x7ff6dd9fdfdc,0x7ff6dd9fdfe8
      4⤵
      Executes dropped EXE
      PID:6020
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\gui655B.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3736
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{7AA424C6-6BC2-4BD5-9AAF-D4EA92BA70ED}\CR_20CF6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=126.1.67.123 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff6dd9fdfd0,0x7ff6dd9fdfdc,0x7ff6dd9fdfe8
        5⤵
        Executes dropped EXE
        
        PID:3312
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTQ5IiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE0OSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4MkFBODk0MS1GOTc0LTQ0QTMtQkM2OS1DOTRBRTQzQjlCRUV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7Mzc0QjI2MTUtRDdDMy00N0QwLTlDQ0EtMDNEODgyMzZBREJBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjYuMS42Ny4xMjMiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3JlbGVhc2Uvd2luLzEyNi4xLjY3LjEyMy94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEyNjc2NTA4MCIgdG90YWw9IjEyNjc2NTA4MCIgZG93bmxvYWRfdGltZV9tcz0iODU0NSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzEwIiBkb3dubG9hZF90aW1lX21zPSI5NTU5IiBkb3dubG9hZGVkPSIxMjY3NjUwODAiIHRvdGFsPSIxMjY3NjUwODAiIGluc3RhbGxfdGltZV9tcz0iMzE3MTEiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2660

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4700
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=126.1.67.123 --initial-client-data=0xb8,0xbc,0xc0,0xfc,0x120,0x7fff062d3c80,0x7fff062d3c8c,0x7fff062d3c98
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4500
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2352
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2260,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5420
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2400,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5216
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3388,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5860
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3400,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:528
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4128,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4164 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4708
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4784,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5464
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5328,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6104
- C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
  2⤵
  - Executes dropped EXE
  PID:1364
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=126.1.67.123 --initial-client-data=0x294,0x298,0x29c,0x26c,0x2a0,0x7ff74ba3dfd0,0x7ff74ba3dfdc,0x7ff74ba3dfe8
    3⤵
    - Executes dropped EXE
    PID:5072
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    PID:1436
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=126.1.67.123 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x7ff74ba3dfd0,0x7ff74ba3dfdc,0x7ff74ba3dfe8
      4⤵
      Executes dropped EXE
      PID:4712
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5512,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2660
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5732,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2320
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5888,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2672
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5928,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5148
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5408,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6748
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5404,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6772
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6440,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7208
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5992,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7432
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6252,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7596
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5572,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7620
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5144,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7868
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6220,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6156
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6276,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6160
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6320,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6780
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3836,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:7516
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6364,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6580 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:7548
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6336,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:7056
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5764,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=6404,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=916 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6384
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=2832,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5580,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:7520
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4792,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6780
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=248,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:8100
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=3416,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6100
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=3428,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3412,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6328
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6672,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6556
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3812,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6032
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=6824414745722370774 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=3864,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6320
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4900,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6284
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6068,i,27102866313583879,4940736620848302747,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:7956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
b16dad6861b31fa26955e16d4c4f477c

SHA1
b558a4c1081fecda8901cbadfae9ba90353a6620

SHA256
684f582f5cdf698077df5f25837ec677d53e0d8e26d3e3c599d6b14c8b1a0164

SHA512
f8ae6474da8a452cd2ff319a9566423e9dbc86807bb1edc5a6d82f90f401c7f9cd60f4c34954d2cf5e9a33e3d9516abf4123ea198d6d71ebe6885876aea0fde5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
9d612e64936261785e40de177b4465ec

SHA1
05a597e23e42cb53d9d4e25df439a7e524046fa0

SHA256
18f069a4394d977d8f4ddb67158b29ef64d38abb17b9cfd095923fe775d6c30f

SHA512
b5d9caac93a656a79eff14ba82bdb8b2c54ba91fbabf48199dca5bf6bea294d51421031a28c1171db94d6d6248283369be0cb9be42ac59cfc8432c245415cc42

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
5f92d34dcff00a37e90b98e33ad8d1db

SHA1
87461de2700d271e1fd38dc2073f02dffe618b7d

SHA256
d9b0cda160918b3d3ddf6b3875621c8858c4665ac8b7d868e299eaca61af58b8

SHA512
aa05f236a2be208efd264ba1c5e6ea191894d062babe95e1041bc0dd24054d5c99b4f0384d6f9706336842a757b9404d37f79a1abd11511cd07819893ce3fee0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdate.exe

Filesize
163KB

MD5
3ed7a1033b9b04c1cecf8c78f8cdea2f

SHA1
07c8820f17b0d7d434b8d30b93f93972c8e7be0e

SHA256
f86b9c463d5a2aec77ecfa7230e279953af280c6e12a1bce88d1bc2c1aabfbb6

SHA512
0eb19924fb9ee933ac26def7654944a18acc83d87cf9e7ab08f31ee5459be787b59b0771a53b6b478ef7184d8905ed48213632ee98f8ea63f63477b443b1dad9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdateComRegisterShell64.exe

Filesize
158KB

MD5
a2cff9714964372a14e0edfc001f9b86

SHA1
151d7a08e0c47f6899042be3605bec1363c5ccc5

SHA256
1deacd81d09e9399c086c72f8a10238e27f0f83ec85e65dc68c36d74f028f6d5

SHA512
3eb3fa2079ca82794217a1efea956466cc20b3d039dbe6267ccec87a8970b3aa4d3c7e986bfc7d985a4d6acf1111620f8db1002ee64cd5033c37c13b1881b83e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
142KB

MD5
4461bb925946597ba396d195bcb8d8fc

SHA1
8ba4e2533ac62a8c236d4b097e4e0c0a8e6d1c3c

SHA256
df0064d52f9044cdb532be858d623e3b7c1289abc73b88a908beb981ba06320c

SHA512
facf3211f69adb8f913ef65c6e64703a61b3d87caadbacec91b18be559b0c50365fb9f4540526b14c6e4c52acc828266bacdb8b662da2ef35df1703929f4058c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\BraveUpdateCore.exe

Filesize
194KB

MD5
e218373b2a048e05e79d5fb79dece052

SHA1
20ba47e1db5a4fc93f8212ac1aa469c882d2732b

SHA256
97679db9b816e0f46398c7aeb83e1784f56920de77ecbe57706e1f5253c2ce8a

SHA512
0e68c6d4fc89916b66709e35b3abdbf0734f7ebf9623a905a6e0091373ca0309901bb7ffebdcab8f54dd6bc54571abb3fcfa9f1952bfec9074dfe587251f7e57

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdate.dll

Filesize
1.0MB

MD5
3dc1e42d04cec506aed38940eac8a57a

SHA1
fec05108d72f2268d21e6eef568740e2f13d3f8b

SHA256
000d1ec9d9e3450c2d8029a3d100735756a59b6cf2181892ca200263eeb4e039

SHA512
f49114b404cc740ab1a437c848807a8eae8b111a297200ce802710d06985688428fc163ee58667b980071e544f90b62b91d38ddba33fd830fe144a61ac446e95

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_am.dll

Filesize
42KB

MD5
6cf6316830afa38060a60a7d012136dc

SHA1
00412e5086b89fac39fa27dc62a78eb3ae31d7c0

SHA256
24bdbd05eb763f0262c49d8512f61dd7c44f11d4dde1f8101c8fa12ee8e8d1df

SHA512
3d0aac1f67ff17792b7de4ce88eaa917eae7b30242dfa0f843cb73a46564842915eea30d130ca7f7c6611b694f246754ab65b480a9afa95d423b4224d8a36dca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
d8731b39ed9a393e3e289c0911ab1eee

SHA1
a18ba2fd85a176aa2fb36864926375da343ccf4a

SHA256
3710fba08af216d8e963b636364d7d2d20811bfd636722746cb4d10de772a2cb

SHA512
d91608f1129805c9e9229e0cc0cb7c4352d41ef4bc1bbabb8d63e1272e31d2ee05e85391108052c0865d53a269d5d73410af67123315755fc30e2f6215ee05f3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
e2d787c5cf0303b451797210d31d916a

SHA1
5289357ce5dfc052f476ef78fa7fb214d57e992c

SHA256
a3fc2bebcb055ca96f548f8d0b109d8a3a1231cc8dd6bf82760286cb90187a87

SHA512
96e10593e5893e05c2cff3f08ce97da0e6758cac14a9ef5786d7f2538c301ef9b0766c173ab52e7c6b6e728af743ba906a22fa91543b7d3b5483e2d7573f390f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
1dc7a864e0dd031ad67cc64c227e069b

SHA1
46917a84bcd414e8f8ce0e327458a2b1fc2763c4

SHA256
dac4633e943e6bc66f927a1dd3122943b6467f5fafcec4e20015675a03740bd6

SHA512
1a7ad4c5e72636b31d0b4bc0f8fc7bf6ea5989344321cfa1c257458e79acf04dafc6e1251e1bfe1bc0d8db430ae675b0cd5a9f669daa81431c484fd05b417315

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
4b20334c56d43cbdc0b2a1e0d0673381

SHA1
36130db6aa55769e7943d08db798c673bd31cfb5

SHA256
54facde182197b136dd3e342b75a79ccac700442e55240bcc7c519b62393d7f3

SHA512
14647ff17916250b7049441ee58c93df4a6407325196382dd0ed458bbf9feba13a4cfaaca0cdd8b4479fdcbe2a0bb67e7c8ff21d854ca1ea38a708f16b3ae24b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
7efda27b50d9ccedee0167af8f5ceffe

SHA1
d92067d311a1a43a074fb9dc22cbaf64fe729ef0

SHA256
92d27bdc536f9a9ffb6c25269169d22fd601931970e9ee40666164329e6b6638

SHA512
4c96427dbcf65617cd659dbf1ecd57310643cfc59d59952baa6fa5ea985307e45776b44a7d7bdd3a96a2877bd8579962fa9800e593b18c4a57c87496c5722c8c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_da.dll

Filesize
43KB

MD5
4bf7aecc37ccda1ac33ad522efc499c5

SHA1
149dc692d8477ba49a1a21c11728c185db23270c

SHA256
ac94a3d631a41ac2ab3fb84174b7f5256ea7e701c77520e8c908f0faf2a2727e

SHA512
280c63ac845637da9cfaa404e03dafe0a0bb57be384507dd662405dcaee5207c684346b0318c43d82d0f977776443008e69371b76866f5c92e5bc36e54078322

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_de.dll

Filesize
45KB

MD5
14083ae2a8aab155509020ae66f28069

SHA1
3d9a92a66dab14c12c45c4df477df692de2eca63

SHA256
f3b801c07754e2035c669fec667e4a1562e4fe41cb1701beabe8253c6eab36b6

SHA512
4d86c7d8b53efd5d25797372eb4a150c1576bba3264e68a23a5a78990edcde26932204a520aa7245bf5728946b2b99486bb6f2064ea0047e8bd8dc3aa35cdbbe

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_el.dll

Filesize
44KB

MD5
fbe097375e6d2b8f0f6d24e0d2126081

SHA1
8401e3c8a1090fc5c12f2bcb1de6038b9737a131

SHA256
ce690190442de8df1c6e9fceeaa2188f0a87a1a229cd55dd46f6831977b1599e

SHA512
bb1357dbc31a47a73fbd44db2ded9824f1ffcb5c9f75a1fd0855ed415a17f65b7aa3fddf8f0d546d809e6d4230c42845bb87be8c7fc290e1cc890b0acda8782b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
a97e61ae7d4f3459268574a627ec1c56

SHA1
be494459f45ad2fd21fd0d74710c7693276b9910

SHA256
77b6a53cd2582ca4cf12369218b43c54c2f3b862308a3c70af51550a0ef77127

SHA512
8d4a6a9049a55a9d2631d6137f69d1aafca0efd0faf1e5cec4f3cf8b096b25f1f3eeca97f4fbaa00b29d9b7c2dde64d3336f2233099f469853ba3bf1cbf35a26

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_en.dll

Filesize
42KB

MD5
a42e392638e3bd562119f329f1f6ca7e

SHA1
4f94199719e63a4748bd72ad5e1302971dec273d

SHA256
12e9fa82d84acbd65b316505b730b4ae4b889d0017ba69e361a693567390be56

SHA512
98f137e1774c45af3843c67db818a53854aee2c41d4d6fc331962a6cd93a1d60a547e8d1d9d09e426b157783565a37e653616dc1c617f22b5a68d02cfab00325

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
81cea0cbddd6ee8415e96f82c0a41e27

SHA1
9869740d09a1358adaab96ddb114c54de117a913

SHA256
0c23e5ac606ae406f9ade1eb302b81d7d8de2aea6ae679eb80ef1e6d17f385eb

SHA512
63878f20d81a41838152273e9ef4d58e9e0a3196b506a4e2765f2d3686bdf780a3fa2d51df98e2a5b70ee78d23e3c5d30368a44d06a4f13907e411b35a044142

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_es.dll

Filesize
45KB

MD5
99faac678c3f67b0145fa57662f8c9a9

SHA1
99a1fe3a15c69cbdb50ae38dd1f853f0cc416135

SHA256
7b8ba0c0819903d0871fc9ae6dec383333059fd4e8ed74ff926a878408bc2923

SHA512
44259220242156399958715dcc7648264a5491eae983a2bcae643df5d013c61537eac6d591688ba64aa4742460c904b34b899e7d2bafd2fb7f50e6638faf5548

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_et.dll

Filesize
42KB

MD5
5adbba40236c012f4a892216a032d22a

SHA1
b231c049976d97b11e7d34bbb88befe22b530e8b

SHA256
66ac88680277361f4b41dee02ca04fc5a4cf9bdb1122393459893999b01a8568

SHA512
1c43102d26a07a988a90e353c5063b091405c2f1c53056c84f494b7556165ef9618b0f90d3d87bcc6663e788f6d15d21c9f9398172a8c4f2f5f6271abd73953a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
58937b906561307a6d063ba5abaab99a

SHA1
c0a411c2f512242a353d28182a9947d5a653d5eb

SHA256
27ff22126fa137c7bf41be7bb98d292da781ad48b49feb599f1b5503bddc8ce4

SHA512
e86c8626c0017dc41b048ddd362043a64354dfd4bb5e3b6773c3251e258d8b76e6a03f57b3978f01bffe757e021d4b66ea712bc5d84f1949795105e64f994186

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
527cb062727b6b5b760fbc197e69752c

SHA1
e82a0f2d2751874ef95f8204baf43651e0778a8a

SHA256
cda0512382541963fba80c7ee453d02c319b598643ccee94d4146c0d5dfab261

SHA512
6bb6bcfb84bc6e1957a97bfe3c7796311a0fe5580120a1f5657b4bd71b69627a7c753139a805d00bdaabb9308abd7da52bf6a0a03e5d85bfb4eb1cb99e5a92e2

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
cbbfc844cb65b8eafa56d02d6ccd3c3d

SHA1
7ea60ce77d1631a57e03313e6d78e5ca0387339b

SHA256
f47841baaaa869e5794faf056f9cdfd0bb56d53029e1205e3fd39843e0cace0d

SHA512
da2061b592d0de1a972a3aae12c4def2c6d37a8615bbfb282657138c058dc68cd46fb9fb07cfdc4da36e56023b405723e418e705782cab551a00ebdfd0286c22

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
03fa8eb5da6400ed631a663e605b73d7

SHA1
c8773e4422e84d01089a4a1870b22d64b97c7b6c

SHA256
b79d71a5a804d056b11871a563ce4ceb6e3efe42a2c1e70ee4137cd9af2b1ba8

SHA512
b7e14eb53181328e033834141ec880a5b74a1e3f22288a5b0dc356c23162eb76b2fa23601d56046dceeea5753e7525d462f566723f57917b6553aa317d1aa98b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
edab94d434e036d480463b61c396673a

SHA1
92706a0f0f0bdf4a3773f010c8b15404987bb004

SHA256
2a48c45d5ad84b3af2985a85dd7fa266f74d50ac40c9c8898b2fa2b124029cb3

SHA512
38157d5c1c613e9126e46507611c426ef6a8b8ba59cdc4291a2d477f3bad2ee187f1da9e906f0257d09252a4e11b82357a44c5639544df1828f7e094ffe7aa59

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
0a37787ef989cf8ebf64450cf88ec22b

SHA1
fd676848df0f3bb2c6ccbd0d99d8962144dca809

SHA256
e79e09480e4d8c3439305dbda3710bd43e4b006b76edb8c38542d3eb08d428c0

SHA512
65c5ba127627b190e5c83dda76ce2a0b182c419263816b7c2835c2080e86564bd40f16483cd22cb08a4df661549681efed50498f3b2740fe453bc15e29c8dc27

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
d4026d759ecffcafc31729daa96cf069

SHA1
8346f89f894bc800e13d87897437ccd8f05ad642

SHA256
9414670d9bc1e0a1de3592a1388f7770dd0728bcecfdea7d32e55049b2f4dfec

SHA512
bf20f1ceec54f365a1e1f24b37232b8a7664583bd89c5569452ddf7d7c09f5cd0278cd85680706bc42c2774eaf2a27f8f6ef3748f4b9a9890fd93e5e4490d371

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
a190c15d80737bd1fed697bf68ccd299

SHA1
82ddfced5f9437ab625ad49ddeaae2e189d92bd5

SHA256
f39d1f432f7d104df9d4cede43e9551f6bec8665f5f5d9d9a8c591ab82418b34

SHA512
17e093f74a1e06c58ec91a610465044651795ec7efd32a9815dbb577617ff74b7df0b77db19810b84892c40994ec18eac3b6c5bc70d645f6c383349e780aafb0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_id.dll

Filesize
42KB

MD5
49079359e755ff94169082368d2e28ff

SHA1
2469ae4a9c9650dfecc49037ff2a0a56750e8e83

SHA256
3ff8b8d40356c88b936af877dc67546481c44286f1aa4186603267e873abe248

SHA512
24ea4b0b90f39b6f812669f6086fdfe5deed68b4ff33414ae34a152b1404e5135159a3ecde6fc85df6e8c29deb49a0f2e8fcdc9e021c4acd46f2b6105507e428

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_is.dll

Filesize
42KB

MD5
f87b951fb68e2a324f74681aae1a8263

SHA1
50db0407ca7aa13835865fce2e735b6faca9c53a

SHA256
1cf654db0806ef1d1f0f918bf1057d8ddc02cc79538d989096863d337570d37c

SHA512
e62b2414d43cc480fdada5b4ac55c831cd277c64221f5b4ff1db27ad12951c9e49b11aece1a3a68bbc9ba6a992447ae17a9bf0c9322fd721742e88558fb2a778

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_it.dll

Filesize
44KB

MD5
6166dadb89c59de0acce402c23c4aa56

SHA1
2521d022dd4a3eaf10b387e8e27961fac4c3a0eb

SHA256
f4ee95166dc0270bee92396509bffbe3ebd559e4aa411bd5106411d6c25b4f58

SHA512
e234374018ac343ef42f084814accd74d528403f3aea7816f041ccb04fe0e788aa42cb55cf9e978d034db2e34bb4a3f3bbd94f388669fd1691920bd8222a61a9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
1600c0793c47ec5cb285521a92ba2965

SHA1
47ef873379c16f9cce207ed469d04a30865a1fd0

SHA256
4a148b5e5a7385b1ed68c2b4b679694c640cf927f63f68986aa7c32566d87686

SHA512
da5f06bc2b78da241a86d464664256e647eb73130951f343921143e05ce34d1a589bc5abcf3c8c85973bfd4bcb28370c088818d78da347bec4b75cb640021141

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
945be15f7937ef754dc9c067b4b34054

SHA1
fd3b818882ba258e0e04d05acd4083ea7ff13998

SHA256
770530b8e9386a93daebddc768ac489568457c98aac9ae2abca02da53a1abe23

SHA512
ed947b48f79fdee8af6f4971e25fb3ff7032e227599bf2db61da3ffec838d9af9e9aa75ff17668f7dacb66dafe557558cda305ec0d7f4d09a47c70c5b751360f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
ee041f92737dae7c8e96819b8d39e02a

SHA1
efa4c4e61a2b4382f66ee56b67276d9fe1e3f080

SHA256
2f2a778c457fc339f974d010319bf982db104e6325688fef53c730e7c92ed876

SHA512
67a7be9940515350b2af0a0ff197f930dacf8afeb7fd149cae2ce20c545669288fc1eb92a3aa1331b5ce95d1bf031ed1142edfb61febd5074d93fdc680e047ab

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
c7ae5ed1fcd403acd03ce6905c25bcc7

SHA1
d05d51cd54bf27b2469c120cc7b15659bc6eb06a

SHA256
e95f2d38685490c4ee765306ceb50fc142e7613c3a807cef25f932a96284309c

SHA512
927bb8f2d091a4f388925b40f098a475c0b7595107c45d5c863de7f503d1c94d18c7e7d36ccc0b50900630914e2dbd80a4bc464717414bd7cadd502d227a225d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
49c8df28d8395ad5fa456bd51a50dc78

SHA1
9f6b153bb16a5d06f5c1ed3ca2d1bb7cd68fcf64

SHA256
1c832fb45025cbd6ec42833c88b70e55a2995c5c9c11c27d54a8edacbc528e90

SHA512
d19f521f4b077e0bf47d6909b97682272c858d1e29fe5f03853160859f0d8d55d7251eaea45d821010f88fa2d9e98d79218f5d7b00d18bb0b0e6c69c81fbe539

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
394026e172be2f17ef9351ab01feeda7

SHA1
16ccb4e3218a8e65f57b99b3aae49bb977c74c59

SHA256
557005e47eb83784697da95b793e64e9bb13158873ccc1d71b2a1f4beddc13d0

SHA512
141357427fdec2af88db01627a62370fcc71a8d22bec59ab63faab022ea4322992e1c4bb7b29dad725e6886e010c492e7e8db6d8744d9c45484782ff79d82fdf

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
6225f4d519bf8b72646c558853ca074a

SHA1
c47f6188774ba8366b19b2da04f6b4fdc6417053

SHA256
496bcb6dde8fff01ac4f56f1c8a85d04ef8c91b73a12b724864d03046d85fe90

SHA512
36fcfe0d4de695dcce97f5cd2795daa81cdc01fd078686d5ad6fcc6d9b98c049e1f81f66e186c3eb63c35dfb9e85e0d465022ab155d3460fc827aa24a69ee8f5

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
36bfcdb12896977d206f8a36c16eec99

SHA1
b9b955153758791fae5d841ca5b0310e203aff25

SHA256
0e5dbe19444bc4d488764db0331b002e2f02dd30e12722789973f910fc84564b

SHA512
8c4a1cc079820b5ef0ca1196b128696d5a3175bc70cccb3fef8275bc90997f5057100315ff50007d088e85088dcbb26260e90b2f69ca7536345842c46fbb97c7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
c63058ca1d44a9b02405742da29acaff

SHA1
ccb8c9453f5dbd5c7cb59ea1e0f6768b1552bce9

SHA256
1df66784f4d7bad01951dd19553c1e231085531de63e5c341c8eac2b3daa7214

SHA512
926308cd7e3785044b835c6b56682d9951818946b102736481aa7ce3290114a87312e7929f5501aa261d22b94ac88986ad33e2fa5d09e001dcdb51bfa3f56f60

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
f5e81a1c0cd615d2d7de00e66184c158

SHA1
486eccb94882f911b817eeea1c946fadd9ceb207

SHA256
f00a4cc3da4f2a51bc3318ea412efa965ea9405d3ae4ef0e7dfa7a9b8d90680f

SHA512
2932505ffc66830cd320256ae2d5a97964c14ac6aac2952337a15ca65463a27b64693ac769f0d1f2f98e2a4a1deefd4a69f251afd38216b5194a83a24e137394

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_no.dll

Filesize
43KB

MD5
4eb899682f1e5fa369b596104f30b035

SHA1
d6260e3065b6316d0b03f565730d82d4feb327f3

SHA256
b9825a748d1ba4c1860124c1d13d4829a96cc51ca3cb427e42205328ba33736c

SHA512
9cd8cfedbb165ad31e65f42d849369a9ab9d30f18887fa6d69345c84e38063e60239e7acfb21592ca684cc6918ed5648faa9b1567a9cd8a202f648219a2ea522

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
bd96b7941d35b2b634f6af1f03f33c84

SHA1
3166ee5f1a3af1cba9e99a5c32b200c1ca75e7b9

SHA256
9de532e4d3efb6719ead9807c2b33af360b4db56aa60be5c711beb48dcbbf362

SHA512
3ebe3b6b7303a788112baff66a45c09f2750645a58d44c37adeff4e0f1937872d61d73c8e000124b3b0267d50a27f2385c3a18bffca7aa7c96d09f7005c18eca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_pt-BR.dll

Filesize
43KB

MD5
094b590bd6beaa9f188995ec3da15911

SHA1
0bfa98f886fb13a53fdbe242f8a57782edec9700

SHA256
abed731bf825dfa08e0317c7c91ddc52dde6132c85db5c425b259389d2d43b64

SHA512
7e886219241c1c9c55d9aaf097d65a1264d8aadee8339b79a8149ec6e704d9e80282317958e4bd976531d85a3bcd924780588b2374920c64a5f6b1a108ea9bca

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_pt-PT.dll

Filesize
43KB

MD5
3bc40e1ac1cdbf38567a23c60442f7e9

SHA1
b112b27381c3393707a9a31033d45016ce38ac6d

SHA256
d65310f9e1f077df2e6737416dc5d9024373a65b7ae4b292dd59086e33a09902

SHA512
39526b56bd556bb5e0b46b025912952a0219e4db7dcde6968eeaf5537d18682cf67076bc9ae81bdae8eb995769c0153c44d82c2a9cfe33ea09c59b4499f0ba2d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ro.dll

Filesize
43KB

MD5
514f11a42ad9ce38b184a61f7607c684

SHA1
4f536355dc8fca948eef0debcf506464c4a85e7f

SHA256
e1ecf083e1ad9b11f0f2ddd72252b5a8ae0f02d09ff3d0a8f645f34354564709

SHA512
77d0be1a8e5373ce845b1d12cf9a46a9de8b156e866b809ecc2af3d2f65cdd78ea4d99ccf414b6f221bb6177caf0a623c3363930b7294bd9f7528cfb32a7e46a

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ru.dll

Filesize
42KB

MD5
8f1a8a98e7faaf7a22f7398495d7be61

SHA1
e0251c102bb6aa4c9878ca44b2dbb49b7b0ac6fe

SHA256
1a61ca79637a88b95ee36a2579d1989a00afcadf3b0608ff431b6eb0af29a6fb

SHA512
c38be12456769862d9d7f30f0497ac9660c0275abbb646b7b6fb779d9c29f2ef8a32e2c698daaa8cae3e74f20b5073bdbe956cac50bc4302b5bed2436d509844

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_sk.dll

Filesize
43KB

MD5
1a0b250b37e09b6373ee2f9b953265fb

SHA1
f4de5040d23054c5416786c59d61d1087195f52f

SHA256
5caac2573bb192f66446794daddba820b99110010e54bb9c24e141cb68c4d18c

SHA512
de47f0f898b17590a8bff1fd65758dd49813d269a04a3d5fd6e5cc09478f8a483e3a2378bdb174f0993a95e76f6d2bb9be9093f0b5490a8278f3fa4e4762ef91

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_sl.dll

Filesize
43KB

MD5
8203b2c7d5aa8252ebd7b5b6efecc375

SHA1
6d34fe3a75f8d9556bc66ee0aae59f30ccd607b1

SHA256
4d8c40e684f4dc22ba2c331e3e72875114f99e16e5192a5d2ef66b7a373712ed

SHA512
ce6d8105ec8d88315e91de80ad998ea880b69b319afbc7b063cd86cdd9f16bcf2ee44f59acc9551e5051771e1eb4cc063e5d84551b98d593bd85af0f6a9b5d70

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_sr.dll

Filesize
43KB

MD5
edc6d2f58c3905a3e4692550e7434f7c

SHA1
86ff77fb03861472a67e4aea9567cf13da0b0cad

SHA256
7f1f0be2a0bfef03e0179eda628b3647a64274b66c2a0e95d513dab851e371d6

SHA512
a308bbe722a2d6a9d65aee9412679f1efd04b3fdece430063a70aaafeedd83e219e1e7e94bdb597d15a22a9738bf411e76a55c5de16de8229149a1ca496b6b14

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_sv.dll

Filesize
43KB

MD5
db2d06cbd1bd7d5519c1a22f8b1fdf00

SHA1
2f6a40bbfc9eff1a32279737b63d4285e41bf4a8

SHA256
284463d4663da132401f34efaf9a36a7012a6a6591aa3792c2ebf4528da008a3

SHA512
d1bca00f0729ceb77f37ccfd4ce0f2dc2fc9a49c03f3bead0145d222f82863fe73b071c68fd17fd71d02fbf6e57b0ed765baa628923303a3599540af9bf2f321

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_sw.dll

Filesize
44KB

MD5
35da47c38769b3e764da4c64bc76b5ca

SHA1
7a265e44f276f43dec9a25eb7f10453864d40237

SHA256
24171f509774c79bd817bbb4adebcf9d4c41b0db83ae7eccccb2a236b5e635d1

SHA512
65f22c815c8576683f5647ece8b2afbe827c6fc3b0bf4f2e71fecad06d831cb3bce18116268464d8453c3c63fbd6323155c1e01a6b5a3cc2d109eb32d72129e8

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ta.dll

Filesize
45KB

MD5
10c9627844bd0bc989e48858cb7893d6

SHA1
616614c63950a9836d07a45364761f5e9b6760a2

SHA256
6d1842256db2095d05b5e87d121ca4f13960d8a9a2e05aebcaea2308e49503dd

SHA512
bd92c4c8dd5f365c3067883ba9b38fd2f19769295e1122adddf276801a19b69c782cde0c38311c5d10315e992e7f59651c652945c8ae04aef44b2b2eac229ac3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_te.dll

Filesize
44KB

MD5
3629b3615e6891034a30fa3c77d85e71

SHA1
f07ca586de9c0b9097ff545976e38882b2dcb579

SHA256
9a7dbcf6de86db06eb1133660781213fdd38cdfee15328d3154e8006aa22dd69

SHA512
f09881c662a7467bcdc8bcd7be425405a771013f96dc8bbcc62f943002c4b452f21ecc79dd8292fee820bb89d2ad2e5861f270c488c73ba69880ada39ac0fc15

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_th.dll

Filesize
42KB

MD5
ca64fff8264422e5b7ba8e5082fa87cd

SHA1
799a576232dcd7771118b08795f2fe60b28210a7

SHA256
0b6c5f05b07412021ec7e5dd4e98a4886b3fb6de194bb9762789eb98373a3323

SHA512
7dd87d73542739a1c81f6e948f37311cdf2e93e1ea94e3ca9a4f72ebeec3615c10dc7926916297dcdf29be03ba9bf0518e67afb8699f6e8333dca067677a0307

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_tr.dll

Filesize
43KB

MD5
06b20d4b7f6fd5af5bcbbff27d677fef

SHA1
5ab773d71e5b98efcdd11df7603b5a6818ec2203

SHA256
c3e975f1434d956da615e9bbd3d69339450cd71839f5aa9d7515236e18e60146

SHA512
76a7a719666dc4bcbf91d2a697fd623b480a0f146eb6d3db48041a351ae8b556d79c978d6a948c538e2207e0ce1e4e1c916bd2d48d514df9b20236e84f7bcb1f

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_uk.dll

Filesize
43KB

MD5
6dc44e26f198067240bff2266dc16c8e

SHA1
6496879351f10831b449f99c1018018aa4da9d35

SHA256
7cf5ac2d246b55b0bd61a05503dbff9d5eaaa49d29857c91d51e7af66ec8ff50

SHA512
07a18fdcb589567bcec6a2272770af79a9efe2d0e92cef7d936e25607dc6bdfda6aa01f41bc9c98c45ce8b4582e3d7c882508739fec8af96c4215f0611d1d99c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM24E6.tmp\goopdateres_ur.dll

Filesize
42KB

MD5
e2f52ae80c0f052885c44babe4abe203

SHA1
c7b46938e8c419b2661775fbab3e495bce5699cc

SHA256
8ef3e874a2215baa38609b9540ad356ace7f3f9d60dfa86e337ce1b414456b5e

SHA512
f56e1793e8be16d3265eeae1b4e5fdf3190c2a87364a7ea8fb28fa7036bf196737c828bd14657735df80576882f86cef1f512f397c8242c859fd669e99d8dad7

Download Submit
C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\Installer\setup.exe

Filesize
3.6MB

MD5
c78176c32cd8469ab7d03d73630c4f18

SHA1
4c14b4776f3b9a442a7806d622bc9b9fd0b52ebb

SHA256
5e0f9ef4e66506e7784a328be5339d4c9a0b0f4ffef8527ffc3a0be015e83ff6

SHA512
50b9a8d1525063ce7fbc55c62b5cfd9392d6f992af3ddfb560d342b76720cc1e5a532278b5e7ded815464f57c0b377eac62182180a05ff2a2d49fd705e1b77f2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1045493285\manifest.json

Filesize
591B

MD5
8cc34e7f3256161b8636f45ef5252aee

SHA1
505bcc33447d6b0f95413b783eacea450af468e1

SHA256
23c4ca93466b293e0711cbafd75c3d92025f2bd4180daacea0c3139bf522f589

SHA512
bd7d9f68380dbb3b52a46e94d4cefaca4d24d1e318cd58e99122ae1501ffdc30344c45ae823b4c8668260755112876b99fd6bb76bfecc453218c30c2291c8401

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1063158574\manifest.json

Filesize
111B

MD5
225c08f039684dfb54aac162dd9d5b9e

SHA1
426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3

SHA256
98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c

SHA512
d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1106897602\manifest.json

Filesize
557B

MD5
9eb20ca5d8ec306303c7d63e37bfd2ce

SHA1
33ca5e960f380e76b6a84cca95cebf5bdd129877

SHA256
d31e77e0d7fc1920e2ae476bea2388662b888931aadc13da3a045c9789e8ee66

SHA512
4e784b58fe6a36b02e455ba5b6f9d2c83288fd37d163f780f71fab36ab1900d292ecd0f9658cbb5fb8a797c46163336418a87d51ca1c979ab65111dd18d6d0a9

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1259557980\manifest.json

Filesize
73B

MD5
697923f81433877a1a04eb11732875cc

SHA1
6d9be7b5a1a8a6ee1c3e8951c3ba70639aabea33

SHA256
cae294484d0aeed7138060cc5b672e34901f48dea5ac7e5a78a8de5217aab981

SHA512
fde036b7da901864b89ff838c37d05ef347f95f8ac8ec74908419ac6a3b68bbb87c7bbec7fd129c523370b9d33c2b618e442ed020945d78240c61a528dbe35ed

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1406150614\manifest.json

Filesize
584B

MD5
68e4499d53ee881c3d182d0ca59cfef4

SHA1
daa4f96f2409940363ac85dde4d498846569f810

SHA256
81ac672b7e07e7fe5904cef16b7fb04d7392d664820d69ef84711a82343bf446

SHA512
bac91c4c365d5b835c28831767579c0adce619ea97d0f03e9b12035176f8b5bde2ee571a46b14a6c0dddc6d6b788de743b6d37780fcd955dbf101ec5fe042ad1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1477465177\manifest.json

Filesize
533B

MD5
297a9945e57c8dbb0a8a37686ae8f9a3

SHA1
326eec5df2b7afaa6f8c9e023c68c149fb1e680e

SHA256
6fbc033719a533a6863ceb742335aa2de7b6bb3b8c9cab55579ad26134e20673

SHA512
269a7dcd03e71dd3e219e54d00145d5585b246ad8e3092af4a75900dce2f0ce10ca682192f4127a634877e511e86109bc68f8b44b6ef1dc62fe1fcf469bdb323

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1569496073\manifest.json

Filesize
577B

MD5
dc721c2cfb52f83199a4abe836f765cd

SHA1
d92ec2a084cecd60388e833bba76eec16479109a

SHA256
c2d04c0a765b9ba51773163fbc4f57b638944c2bdbc638781d82eaa30ee8c9a7

SHA512
1200f3fa8e6efafa9adbf62fd682c45373917c55c6c7c954084d9bfb9a53c52d060bbc90122ddfb4d66c15406eb6b8a0251dc15565afe37d18cb2ad06c001202

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_161686683\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_1840453782\manifest.json

Filesize
72B

MD5
35abc0d40a8a6f05b7cb24f83f31f32f

SHA1
e64f0e81892656a87d7a90a558948ac1291411cd

SHA256
f4eb5b805c70c657d3aac2bb6d076e21b08366032704c93c18cb27ccb09d76bb

SHA512
92ea93006b86771ec1d5a0f3fc8523c94601fe30ca762b6d56fb7232dfbee417ad4f1cdcbd24fdad7691bab57944dbf27d64732cabd003510f0af0e4aab5c0f0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_2144769157\manifest.json

Filesize
595B

MD5
83014337e4a328334903166aaa1dd4e0

SHA1
16d910804f44542772ede4b79966465c50985354

SHA256
fef216ac181ab7ec4e4258049232094db9d3ef419164c1462bff6787d79f94e8

SHA512
163f509b59c5d64b2289799f605df8cbd08770a5a52e35a5b1afde9c66d99b28cb14304fcdb3056732eabf64a30719f5b8f003b117b8f7ea7c33509f8781b3ab

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_236753502\manifest.json

Filesize
95B

MD5
0404a4d38fff0851b320729fcdaa0e75

SHA1
8320c27c6d03987fb4e274bed18bab4c5b97a557

SHA256
d10b3bd9e93dd21094c4cfbe8da12cecc3bc4d20407d2437d1ea8606014c24ec

SHA512
e1ff6992d6cc4ab3f8b4f4aadd3258079812df85b8e72f94672e5483408d50288d63c8497c71ebf7314e3546763b22ca63a3df2fe9737b7ac4110d8f2e6de1d8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_348505340\manifest.json

Filesize
564B

MD5
4fa20552addec9f565555c623417d79d

SHA1
5a750551853818f5ce06da5531bcc73ef992e06a

SHA256
5f69350585f56f99a3a7c17effb524ab85a1830b41d20f13d428575221f89d79

SHA512
45952fefdef2f1e9b414d2f0f43c6690bd19743e9d57d098361d9677130680dfdf668b2228a245d9833f69162d86f879c2e4b1add2af1318791ba7b3a165117f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_356446036\manifest.json

Filesize
108B

MD5
a6d8fcad2f087998d6d9cd723e2d416d

SHA1
f877ae822e2870f07980d3871cdb7d3750f13732

SHA256
92cd2773424ab148bc9cf5b97327291f137f430a09de9b1e6c6818caf334eac6

SHA512
1f58c56bfd57832f0e53087034bae55af3eebd440d1695c8d613991456f70155c1c164daeb94fe90d098c81f2ff6023e7d49f04a3cae588b2744121e5644675d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_601574132\manifest.json

Filesize
76B

MD5
b5dabcb6b1744da449b7ee8f85258f7f

SHA1
6602da5eb5d1e64644f5427f210ce1e57544bfbd

SHA256
082775d5ea6bacc6bee71f31a68e966b4a7cf8d39adc681894b0e1f89bfbb47b

SHA512
f89296d1dd2f6acffc102c45e1d51516937f4c143eb642cdf6c79d35b121a1c712063f56fdb6636765882246fadacd67cae71131831346f7b5770952070d76a9

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_669777327\manifest.json

Filesize
562B

MD5
594e9f1f68d21ee9b55821344466e4a5

SHA1
fedab66c37944d67f37f8ea18544f9f5a1554119

SHA256
e85d2f917f57060abc6c4aa8a468c4e7d655c363f4f95abf746b0c99f6928a1d

SHA512
601cd880c4a36e7ff224baef421d846e5901023d96d74852b90f9dc4f0072fc2efdcbb8edb069c5ec5200c50fbe16735231923420df21e616cc9f357e1026eb0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_705196390\manifest.json

Filesize
108B

MD5
8708fe04287de2476bb9b2947ea4f564

SHA1
f561c9d84fe3c7b88f4a76a6d061230fe0a31e7b

SHA256
00a59d9149a272a2822c8607ccdf747c14d2a5b34225014e09d3cf8b4c875460

SHA512
1be57d6474f779d42a90aa48e766ed4b0275b741a0b35deabfc2cf7e2e2b929cdf12fca86fc443e5d030d99a00c431bfa577b44b3e0d00cc3ceefdc3384d95f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_877490598\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_896345864\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_941811815\6f992c77-161f-4e04-8bcd-7d888653ba73.png

Filesize
22KB

MD5
6ee9714225d67f1d2bdba42d389d456a

SHA1
733eab5b98cfca0c89fec0b2e02264f72d442927

SHA256
6eb9017e0fc67cb7b5e73993bd15d3a9c5b6acea4962157d8bb7bc93b76a8ace

SHA512
e1146fa3118a6ef1515ad35f0db078d4d90fd8b915cfd8d060d15d5ae5d981912308cf5bcf5477a7e79aa3e11d02420a41a4752555ee61df9a9d891c05d59e73

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4700_941811815\manifest.json

Filesize
546B

MD5
014188ae4c36737a0e27478a6afc7d40

SHA1
69f8c8e125a21cdf2a3828e42d767def5c39a49c

SHA256
d22497c26eaf2e643fee28994272f1dbdbc18cf20d2447352965e770787cf4fa

SHA512
6589bed61cb17369770f647b2c13f7cd457d0595efea1a894a8c992bdc015cc9a3d0745bbfc039008bcc41e26b6c25aa8a3bd89899226422104ab67eabc18f71

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\8936\crl-set

Filesize
21KB

MD5
f8e6e09742c512a12a1884876aafef6b

SHA1
9dafbc0f6bd7af6b9dce8ec3414871c366821532

SHA256
43728a790b465af0f875b56f435c44f28fa494ce2d06e4548efe86010c054732

SHA512
a6926308bd74188e72ae370634bea7475c5bfb4f2710b64e7ba88eea1914ed06e7fe8e5251defaa14bd96fa0a63119301ef31f4dfa381aae0f139d4c43d9f410

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2023.11.29.1201\Preload Data

Filesize
12KB

MD5
aa3ef996bce08a9c34fe513d078d1ee3

SHA1
21688d164d442d37fd5471e13b41b1d216f88d37

SHA256
09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039

SHA512
285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000001

Filesize
38KB

MD5
324ce0bf4ac8e204deddae548dc6e98e

SHA1
3084cc5f7303af1e83d014f4ccefa670ff752b35

SHA256
1ab090c5a2f129c514952f23b147d5dcb87d5ceabce11fe0467c87781db2df9f

SHA512
07fec3d8517b3576236fba5c16b2c4460f4cf6694ee6e6f94c226d3f705e13281202a6c23abee87d3564c1746e99d346b35901a6606550512729fcc3f038561b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000004

Filesize
38KB

MD5
1e450129c968afdf540b2202d2d999dd

SHA1
4574b6440b074d4ab92dd8b85cb62e8e51733a30

SHA256
50c5e54cfefb45f1537c13155d2a8f69f2ae386b45c39967370d994b3eef2343

SHA512
5e51fd4009ec821b63d8b529fbb4216b2985cf8c26cf8bcd51d2d5caab922701cbd969e8f59ee6923ce0a345417de4bc7f58195aea863f392b6ac35fe7ee04a3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000016

Filesize
207KB

MD5
5a641d4af4cd4ebc751c4d0ff5390451

SHA1
0b6d6c07151f9e93e107d97173ea5de6d21c6ff3

SHA256
0e16584de89206c4e127988def8ea28d70bb0ef2dc8c914a2d8dc65a83fd2115

SHA512
4a0c770313c8206e9c878c24e7462cd5ea7af76d418261b503abc576378f59a6963a90a588e0f7ed2aaafbb14daf2d6316b5148998d2fa84c1ac4f58189205fa

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000017

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2f8ef8d81be59673ffbcf378cb7ce3a5

SHA1
0f6042c1203d87d9aeceb92633e15aea7c9d653b

SHA256
de7d048f44f4f5c4db9c5f7e830b127f5e6c1109b006bc1babc7e3b9d7c27091

SHA512
c05c8542e2677d787e1ee9fc94efdaf467a099f7a0ca5e3294aabd3a34b9f0634fb31305adbd2e8423bce198a3f10cec6e15482538240ab6a09394619c65768d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
358baae8785d21f6b5cf22e228a38597

SHA1
45efedab7d28f5758dafcc08b2cb19b17e78466c

SHA256
48ccc6b09033d653adb3ec3455447d3c32b8009492e74aae7022e94857cf2f20

SHA512
eb8c0722e792a44a4ee4c60089c701d00c4f33ac8ef2f249b4bf5b6d08dd5446e5414699ff0eea91abcb04acb215e6c01a8b68949a33a3c99b8aa2d62777337c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
218f5f3f583bd65d1e8a071131bc99f1

SHA1
ebf3e9e60c009e2b15a3094006fd614f82904e64

SHA256
8290dfa04ab501af51843ea98f899a525d7c14a4e2f8fb0063a3b7917347745a

SHA512
804f40832c9e92138f5452cb3e63feb6f2bc9e47c35b9ce3e04cbbb36f31fbb2651e9a7100e5e539f93e98a7da4ea55f6ad0f6cee1348e61bd6379037e9c55f9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\7ba2df50-9be9-49c9-a99d-f2d579080b1b.tmp

Filesize
523B

MD5
7b78aefa01c36cbc12e710747ed3914d

SHA1
1a869c9dc626abfaaad3a51545e432a139ce3bed

SHA256
ce1357d5b5cecc7a4c4777d25a918f8ab12e750c161254534a4d1978c27ca2f1

SHA512
22ca9a4adebbea6eb42294fc3df24c3f3fac17eebf654140ecc28e4ae9cd0c76b5a397b6fa9b6545e3c6bd74ce4562b476130185877a913154b86f73b8ffc514

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
63c42c62b6eaced9151bfafc16054d8f

SHA1
379c72ae4a1667678942e7b43e0bbe0d37c5d6ea

SHA256
6f1f5291f8a9a3efa6400aeccbb2e370dfe24bcda13fb565435f51a7fa90c838

SHA512
11bc5d8260e3a4569b93c17db02c6372c946a5948fd4d86effba277ef970bdef33eefbcf9a9085760e33e9795b73a383fffd9a79f015c4aec4c600a6f2fdc10f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe5e9d67.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe5f0940.TMP

Filesize
188B

MD5
af781e7dabd1e072cc96c54263b2144e

SHA1
fc4b97c6c1a48824d02d68d4ad24bca7ea4ddcf4

SHA256
47d6296deda4b174f145f625528b5dbf4cd4c298e2117f4e5cad78e262733c78

SHA512
e9ec95bc8571e47e3d963f950af9a6722a46377b1cf85aaf546544710c4d70469dabafb409c1e22d3b235235bd33274445f9c55b440169d05c6d1ab167cc2688

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
15KB

MD5
170ebde93c4814f78382f0cf8c234065

SHA1
a70dabbcf15d02f09e73c9984edb7ce9a207fb0b

SHA256
cfb9364bb7de9a79f716478bf14a652e8de12042d3f37c6f63e3786d47f0499f

SHA512
91f8c2fe6bc7d53beae08493becf5c7e2787b4d13ec8ff85f8bdb247279148558617f151d5ffc05bd833db9a8ed02cf942e7c99ca198d9c8d8f57d4c383be482

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe5d9c62.TMP

Filesize
1KB

MD5
4f9d8c10951789d2e8f50af10036f9d8

SHA1
4f7a38524f5f75914e4c644b940c1854b3930130

SHA256
861bb22c82790580231da18e0a6444f67ffcd47ac772026f87d0c4bea499a654

SHA512
0f34ba44caea7666865d02764262cbcb7abb71bd5b438072e75956a17402a4fe9dbf53478187d05792fcb6f474f5bb7dbbff9a14d6a3cc9a904fc5a5354733fd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences

Filesize
13KB

MD5
0d9827688ecb3ec1acfd461c795cb582

SHA1
a8ae631c4a6f5e2a4845ad41a223bee0147d6242

SHA256
3e29ce646122e0b3ae0d613e969faed3ae2ad64e3afb3805517b0003af71fe56

SHA512
1861408baf37456b44c895ee17c299aa1ab74a652eb26af1b38c75c72488f0c5e75f5f99803ecaa3d20618a367fc219b6a7d0affb4040c45a6cdf84b01decc4e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences~RFe5e3f78.TMP

Filesize
10KB

MD5
95a3c89e0a457a3e02acf2a14b3c92d4

SHA1
73893204c5d9c1a29827751c99b3efa28eceec6a

SHA256
cb6654e45b7c4118307f07c8ff2be54bbbfb5679300bc1c0c6d50c7c610af817

SHA512
8d3e6837cfe44415cd51668d58e83f0daa13f8dc2a54fd6ee87c96daad3cab0942f9d9edd952a947529da0d6a1bd0d764df3e58c1b0aeb901f5129cffb2ccfa1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cc377ae882abc1ddb3bddf3033927f1e

SHA1
8ec14b8ab153e2be563744c7d61cdbf9e645cf94

SHA256
ff605567d95e430f074160674e412e0d7d6d35b024ced10635ee87a6819d41dd

SHA512
06af8fd830f76a9b1fe5513553f658deecc86156fcfd45f86c8613d2690b299b7c56f54aac0c64c4ba728c1dbda702c683d8a1a2bf7bf1d1441ca5c8240f41fe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
67f138fd1825f7520eeac2a3ffe53780

SHA1
e1d6ccb8a2dc2bc45c344723518985f3d6c313d5

SHA256
9f15497ae8895e98cdc95e902c15dfe72c199522d3842476c220aeb5e84dcb97

SHA512
253c053ca192f72f6cbf5ea555c36ac581ed49e7542f62341acbe688c386016cd2601952b1102cab538703c6c9d5efa0eb8739a5b1ac2d18b08fe70bc3468ba3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e66d6.TMP

Filesize
48B

MD5
347650aa3fe30d97561967c74067d617

SHA1
b39f0c873ca7297d8508aafdf7a7aabab49b872d

SHA256
60cd5d39f450dfc0f7bde519396e780afd4288bac67a0739e6a15af4166b9c8c

SHA512
6b99c4ec9a1b87da7c0cbae1733435772230dc4e9b982f922fcdc22ac8bd2316ed45be695165cd9ada6d82584c98df95422906583c105a82db35e9d5f60b89c1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\de0739c0-c5a0-494a-8ecd-786186a689d4.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\66\download_file_types.pb

Filesize
7KB

MD5
b486a2d22e22545b4d7ce820c38245ca

SHA1
3be7e3d4e07c581b9638a73a062809fb1f535ca8

SHA256
2f490c4adc51b58604c99546925f091dbda66ce6e54a0ea5b75e675d1fbe019c

SHA512
5c47112085670e0726401d436984accf4ab21c23fd785f0031997b786238618a163cd194749b8f625c3ab18d211f31711cc904c3164671bbc9347550c3b72ace

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
6e341674d1b96e008edcafee64b32a14

SHA1
3625952202a9996075b6545bd2375a87bb4c9846

SHA256
51f2be3c745efa6f906fb2309e294ab184d1d6cbeb3e48b9881403a7be3f74de

SHA512
40daec31ecf78c2255f027985460e0409561ace9e8ae2340814ab27ba37c40d8eb1c9d808f31edfd3948851eafecfb8ac9deb521a9bf3d6acd233f8c5433d8ba

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
a5e1b7032f30dad302da19878809952d

SHA1
64c6fc251d4621aee73d030bf9d0d73eef4317c5

SHA256
df8a48d74db71231a98c4ba8d8249269dfdb90ecea0dbf69d153fa53d4f98644

SHA512
97017b8590fc52d95f9dddc5cf28b283d2989f1efa17f06695a8f181f1d78aa6f60d0dd1ec4c104fb7836aef289974a9a96c1772535730244fb672d6c772c9dd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_1140654420\_metadata\computed_hashes.json

Filesize
296B

MD5
e98aa4edfaa324f46eafbedf6632b1f7

SHA1
0e6df9c62a2118c0dec7aff6361f2baa1a368ba4

SHA256
465dc4f688d650f040e50153a85dda30f0954cd699b8ff4c8a8f78b754867649

SHA512
c6cd2833d35a684b35634aff94a60e9bfd0a58f7a37a8d3a11caab0ace3c71f87decdc8372cb0d2cd6f5e34174376f2cb8672ab1181580be782a076157576c64

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_1140654420\manifest.json

Filesize
349B

MD5
c2aa2d6bda7acddee117477137bb0163

SHA1
4ef6fccff382121d84c22101a7f4677cf056b22e

SHA256
cc55f3872699ff7cf5412491264f129c15738daa070001ea029cbf0a8e97dd47

SHA512
34f28a91396718921fcd6e77a08346720edff952ee77485c9ba76e2839d1f780df2e225b5adfa2dbc55d68fa7f731427bc52019a93b55f2f5f24cc29dba49221

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_1408056187\_metadata\computed_hashes.json

Filesize
298B

MD5
8f954d6614a7b751ff59b171d1100903

SHA1
db313de735d364a90dacf38ae35f10baa25783db

SHA256
30b93bf098722fa2f2b1702542a1df32b40d428c02cf31aff1b0ffa34923d362

SHA512
494a82021d866dfb514f91aa2a4f816ac50431e1397c87ec63c122afc633257af11803f84bfeeb9d5ba3bde76985d2a9258b9aa6eae53760db17cbf80dd62644

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_1408056187\manifest.json

Filesize
420B

MD5
77a056099653b11bee79b20aea9a815e

SHA1
fa42bca6ebadee0ce1beea9294372b7cda4b7444

SHA256
550763c0c6a8485169cce92fab5ef32ec642f001bc0ae98a024317895e40cd8d

SHA512
532e0fc9917d6409f771892557cd4e6b6ce926522131df42eace5faa22db9641502e5e6ef23e91094a0b65f85c7f223e2cea1fc05078d67f493babe446132d08

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_2142907664\_metadata\computed_hashes.json

Filesize
298B

MD5
31bc0faffb02de03815ff478ded0e47d

SHA1
15e926fae5f441bed88b98d9296c661d2c5c09e4

SHA256
21473aca0500caff3196c1fef89ec0d8ff5a9b2e6a5d0cb0f5e97ecd71ffdcbb

SHA512
7da261179228bb28eeb59399a7faee11e596c556ae10633701d490b4b156feb1a24c2f7df49813c906a0b1442396b6f0835776db54c2d65fed27c30a4e52c55e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_2142907664\manifest.json

Filesize
385B

MD5
6f26172981ce246f21dbc1d853ec9433

SHA1
a5461d9a26128670f2e2bbef2d1e7578f672a183

SHA256
21ca7a61f92685256d98dfc78b9844e7ca784afa51fa5530a3dbd3ee6d79ed6b

SHA512
bdefe588284e50e42abb743f3d04171823d2893a6d188cc95118be7dd292c6cd91d3eb827b54d39858698cb526b8e75648688b62bc463759e5b95b04fd09b847

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_269441846\_metadata\computed_hashes.json

Filesize
250B

MD5
fe5222483493fd135f737ee8d96c6ec9

SHA1
f78f932efe6131c8921262ae9ee131cf70b89444

SHA256
46a8f292cf4959371f87fc099e09fd279452654e56fa603299f7e512dbb010ab

SHA512
9a6d1f04cf4789a2df6d572d5fd516ad8b412530c86b4cc22588ec2405b5ec8e7bd15553aa2de01c37b5a8af5c3c7504c0251aea171e864620180230018162cb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_269441846\manifest.json

Filesize
408B

MD5
25e45b88de59ae31ed14c753d0ee98a7

SHA1
a1193ba5afb2ec60d42b36dcb6456da21555b1bb

SHA256
7b65ad26e9cabb61c61e7f1018632e36fd342c29c1079b83edea2114b0d60c31

SHA512
a7f7e538f12d65b93af9d926b330ae0a3ba9ea547724a5a7fcfaa8bed103d1f3813fc12115bbc56ff80c3da384b74244ce37e58387cce9b10a1ccdf2f779b29b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_348785611\_metadata\computed_hashes.json

Filesize
250B

MD5
b16a4fc1cd848f3310311affbd405e16

SHA1
01ccc719f9106352045caf1aea514489fe4194a9

SHA256
cea7302a41166422820c9c43cad70ff548ff88ce44c6f0e6a4f9acee59ec7cc6

SHA512
a9205276ccbcdff363ae5a8ff5e6d03e000efdb65662be6d30c56ae3ce0740ebbc1ee78b3950be8e86a034106fe9ad61c56f0bf78a4cc1d3e7d14566ceeae41f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_348785611\manifest.json

Filesize
377B

MD5
1ee6fefe3b23c7c7a8059c979886b744

SHA1
aed05f078d9b3da40e63a991ca07e36c99d67633

SHA256
ce710effc16c600f9b09699c3dd82c94ef60f63c98411d14dedb6c5dfc201d28

SHA512
9b609cd8afbcf2c53cf71dda6c235914155f704d7119090658b55ed96b28c950c110cc4a2955e0780a2efc79ee78bbf46a15ee65d7144ac991c6748a3f2892f7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4700_985972379\manifest.json

Filesize
407B

MD5
7488b6d6720532f4a267d26c247141d6

SHA1
8c94c0b8a7da8bb87085cce4ad42641ad3e8a842

SHA256
fb5f4468336ac50fc71dee3568ed7bb2392952261076ea306fc9f4ed5972bde5

SHA512
8567b3e896b5dd0bb3608f3fd65fd8cefd284ec4ed5dfa2d6803a962ff41d2c7a59c933f4dc9b9c7c6f6ffc4c0e8e85f62974fe3fbb09f758c2025523355dc42

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
38KB

MD5
42ca95275e6e2ba60dacd036865b305c

SHA1
2bb142059bc078418e4bb41d742d24d85b2ea9b7

SHA256
cc84878b0a680c7289e269a80d298e8c1f25d93da84cff6e7422bef4bb0d7036

SHA512
dd314d9df3c426f407ca5c0033a2688c27c12f8e750a459d072db46dd00675401cb5359ac7eff939d0eb213bf5ff55e9135fcc2f5ec998d0caeb3f3afccdd89e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
52KB

MD5
b6a488bc2d28deb1aff3ea4fbf19b3ce

SHA1
e52a8915aab9bb781a228cbd4d2d9dc9c4bb2466

SHA256
f6e87ee5c90f876bdb8a693f103f47be7f95ca48fdca7f0e3433536830177177

SHA512
875dcb0ae7b173f39ee2ad2e8afe7054547a7223a62e3718f02df4d1c676a2ba17d8af78c894787edc69f60c43dc8e3e154334aa92af10ecaddef8fd0a8b7d02

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
b7b28a042b1728e4bcf539b97d695d37

SHA1
71e73a313b3a13c272327d7c44925efb8e3d30d4

SHA256
7286eb3dd3fc62f279b82e13e499dd197e11ad4a1eeefaa8c8425508c622b8ec

SHA512
4dc4dc609c4db89e48bde597d87e2af9e670b828daadb56d7611a86904c1068cc62dc356ed1a173bba1fbead64c29f14ec002b6f047790fabb9119f110777d1e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
26KB

MD5
0b6ad20e826c1c6a2314302a3a4f5058

SHA1
9a0990cdd940374a721dd1a0406edcc2ad1a3ca2

SHA256
1190156fdd04d619b3236a0ad365df248008c51f0475f9100a838234741378b1

SHA512
f0c9d3919aa8891f4d69b457b5505a84e57005a44128e18975e4d6438d523552859556186b237760d8454a08ef7097fff09e0ed5f77a9e80dc13141bc7d9545c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
49KB

MD5
e8b914838b4e20749cb3a510afcfe560

SHA1
c6d3a1bf7cb4d7e6db42f9e3d1f5a26d2447ed62

SHA256
a7eb0e9a983ac00ec33f4c60dd728c54e8f06c070555c5711ebfbca879d17925

SHA512
78440b59d70d16951f356f146cd387f04c6149bf1fabeeab8960c3b06b1cb1670be93b20aed505726e3d404b8c45c5d5a197d83679e11d66501e4849e03ddd6e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
52KB

MD5
78d823e9935d83ccab147ac42c300a77

SHA1
24e600750b18947d9e7c8a57602b399e221069c9

SHA256
6b392a06f26503b2fc33386e8c2a5a1ed630cb7c9bb2e65dac73ae24cbf14741

SHA512
cc8c337edabd4866e29a9ec8d76f6da943008c244ae4f1dffaadf661c9ca2bc245242fd07ef295d8f5985567f83f60919340eb7dd35cf9a72d12f3432fc9519b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
0083b17bd47444c43f1b2b5b28728061

SHA1
7102ce6a21ff8306b6790d7f657b2e49c495e2f6

SHA256
9025a67f98bfcdcb1eb4e4160d2008ad7fab9605e72638e9f73fc767c749c23a

SHA512
2b4f0710b59c531144d540b42c00390fa4390c065f353f9eee00fe258febd1f97774f4b5a4af096f82c1227ede48ada152fe8114cb7c1807f49cc9c87d6c98d8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
52KB

MD5
a2bc8a9b2b372a3a1de58f32c88e41f0

SHA1
4ec699204274a9b3b19d5bdbfd4f1189258002b2

SHA256
bad385d07e688e012ccbb6182a8089109426aa80a8c30753c8cb43290e98a2c2

SHA512
abaa21a8ccb43314cc1c025152a1eb0670a5f180e447b68f527095ef135b74d606cf17f3b5f31a6c5fc9cb2af7f66e5b3096e56dfa49d9ab1c712490c228fdda

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
49KB

MD5
b729fd696d3eabc53f77dde860b35748

SHA1
d12a72bfde83e622d57ac7f4b2fa1a0f6791866e

SHA256
8c0ded844276fcb504b9f1f2f6d32c1cb24f2c9d0a3e9e7461bfb21aa000510b

SHA512
ac2e731908a15d887b6e4adbce96730963bd1671625b58e80a200c433061a7252f176bbce6dc62353de90ef7932b20073f491203323f2f82c7ff8d371834eb26

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
26KB

MD5
609ac1a3b8575abc81cdf8adee729e90

SHA1
434d8d54bd431d801e9fbf607d1ec2c48aa61713

SHA256
b6b196c38dc98dbcc780ad2cc53383d9342c32040bd126702f72259b223fa050

SHA512
5d36e96654d2c2174812f40f816b375c1a25f84efc1e23e199d504b7ea09d1002c7de6e4699f59698eace7f28af4cade89ac8d84fcdb8ec40feeeb02defe736e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe5d7533.TMP

Filesize
6KB

MD5
dcf9806f354dcff4890effae3f81af07

SHA1
a88f98666df4dd7518a0ffefba3f544af381475c

SHA256
62fcc3200675a400f6aafee2a4c1ba114ae11d65a5c8a691ec2ad463c2b6c86b

SHA512
067a14e7cdedbe0be90f4f4aa6d322c0e053cbf5087362c6f164ff11c29fa3dcd59a45d868cfd216c1c5aab0482adfed143dd3507a6a195b13096046c475b11f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1014\crs.pb

Filesize
143KB

MD5
a5ce6498c85fd6192c0cf8163dd1d78e

SHA1
0aff2338c879a878cd04c13c760133d9d00d3725

SHA256
de20add60a38918cb64a20f26a13d59826f85c2ce3991dc4256f4c93c6e0e729

SHA512
199e5db476382bac2fae6f3daba68a5d4013848c2ba82989dafaa1cb55922d39b3ec4fb428c1f7767321a1960d83e2bf642bd51e11f141ba96bc4bd006d29342

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1014\ct_config.pb

Filesize
47KB

MD5
e458caeaf31d269c12016f8afa6b59bf

SHA1
c49ae654fd95c28a8c0231406ff05f78bb608f1a

SHA256
0530f6b325d0f5da5725b8dfe96788c263c88b1c0a70bea29c516aa8b19d52ac

SHA512
d630f955a04f91938cc8561fd5d58f63f70d09792786a03490c1ca7cb83d2591bff458835c73ac712f1e9945d8e0f264aaf5a4c1ad5b7c32f3fac1450046c6b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3034\safety_tips.pb

Filesize
152KB

MD5
b062433ae4d3f520e0cae95348c6f8da

SHA1
a89c27acaa1f903f3810d093ad9d0c6ed05c90a9

SHA256
3021e458221610dfa9f56bdd809467a6e65872da106020005205fe6e5c4a0c68

SHA512
d6ec18c74c1cd569376d86c6fe5d44064136434c09a1c816165384bef44d6544a48d3bb450712b201fce8a7031d3ae263fc259591085ae5990ffa51c1c66ce14

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2024.7.13.1\metadata.pb

Filesize
30KB

MD5
77f528964047484dc1906a7e575ad52d

SHA1
d7963793c9e662147230f14082936b116d90e7d7

SHA256
a7c52343b8c70d3a643d6eb1167319309500996d553d847dc9c241eb9d543891

SHA512
0f1f63f164bf40a991184fb7827d4bf646ac6673e3fddbb5b3fec7a994606ae82da18679d7e73ef087f41d894550d780c800ec6aff9102b738933996a995edc8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.181\list.txt

Filesize
112KB

MD5
178c3d3f0f981569ea47dc785e9602a0

SHA1
efaf89aea4b1464cf677d1374d6976c5f1f58f3e

SHA256
99b9f804e8020f2b476451ec490171e86abb441f13d1e58c29c153e195a13659

SHA512
6f0130f8edeae074ce26bb21b65c6637b0a4d4031303386f54f61024accf3a75f4c4d7036b1a2f33060a82713ec370d6fdc37fa2e7cab036b3e0077701cf9387

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\Greaselion.json

Filesize
3KB

MD5
1b8b879387dd5db18b39805603e6cf68

SHA1
e499dbde8d14a86eaf769cb81423f9451dcdc7d3

SHA256
a0cab2be6fda93b0c8139b4492de98dd6220353af978968fabbd75010eda41a8

SHA512
02579779d7d4f0ebdec886049ea284fcb157c4b09920bc83b59c6e300676937143f0b2e863b5602c020325fc928d1abadf11914ac93c75b92157878afb5c7cf5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\clean-urls.json

Filesize
15KB

MD5
feb6ac226e6093b8bef28f832cf2bbb0

SHA1
db1adecb687d571f293dc187a1a835d992f2c86a

SHA256
a67eac2d7ec078824131fef7234c8b9c4f0e017cee3356993a448e3033066774

SHA512
900d0fa02f3f1ac0f4e7accb7a1f725b495bfa9a0d0d200f5a2f20421f89b21ed1b96430da6425b28a9c7ae8235b2fee72124fd56e26879738068a948c8f0e02

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\debounce.json

Filesize
10KB

MD5
dfe66f6acaf568a0130bba36613e2c5a

SHA1
b53f6ee4f1994fe246dc346b341ed9c4ef009e5c

SHA256
51427ca754354027d6391b8bbb0ef62be9c22774e7ea58dbc5b4ca5be4cebbb5

SHA512
31b44e38a84b5fc50a61ffe86559fc7d9216d8e037ff67d6a9d60c5e5170f49becbef8257c93c5041629137b9638cf22237cacc8e6d5c16b2ff433c55eb8da71

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\scripts\brave_rewards\publisher\github\githubBase.bundle.js

Filesize
2KB

MD5
e7cb1f457c1972065f9a5a5821ed022e

SHA1
e8d135731d52cee0975327c99d1a6b745937c36c

SHA256
a00d426c743f719cd74ad64441a8f7fdabbea566893c29b756754db91f05355a

SHA512
de79db36ae1e042121cc440b21a5f175b7a679192df11883f304debfe3c1256955e13724d47ee3cc874e63fdc9a0b50d4b57f16d8d127d8106dbd0dd73cb5dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\scripts\brave_rewards\publisher\reddit\redditBase.bundle.js

Filesize
3KB

MD5
0e7d831110979936c383c74b060388af

SHA1
e9f8511b9862cfbbc27452a9463a78b44901de4a

SHA256
d046760e839f120547d179a8eb380cdfd07db89ed256d3b95bc975161d075ea1

SHA512
8a449257a396b0df25a19211cca28162dc12e5a22144b48996d09111181340d28b79c49610a7fcdc702b5571b0d4ad21efec890d39bf0d678f4842b1d93e629a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\scripts\brave_rewards\publisher\twitch\twitchBase.bundle.js

Filesize
2KB

MD5
4dff02b3222f25ae7138d884fefe8e8d

SHA1
58870f0e2511a66b961ee893b332c1241d235ea6

SHA256
0a21a4e6173432a274ca9b9ed8c13a4845675f20933a44a1d053c0d12a633447

SHA512
0d031ed3c86c8268dd3c01219b3690948f43dbf87870db2af12ab9c60b02b1c8212109848d358a5870a17b8d1d2599f71918690fa0e34aa4194f210e326485b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\scripts\brave_rewards\publisher\twitter\twitterBase.bundle.js

Filesize
4KB

MD5
a51665c6845913fa91a8cab79856f5e3

SHA1
bf2cb19406ad712c01799222ca1a98473b1430e1

SHA256
a4a6c8417714562e30af022a99cabcc3b53315dbdecd053475b141d94e4d687f

SHA512
e18f7fc6db3e30f78e963aa00246791642ae57f761869871839b67a87cba9e00e7b3f64674cee409544b5bd09c6f0d7ac9ef3c8195e49a2a483caf7a758c3241

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\scripts\brave_rewards\publisher\vimeo\vimeoBase.bundle.js

Filesize
4KB

MD5
bdf49604c55dcc6e0af6281c83158f68

SHA1
1352d66ba7ba76efc4f7e4bd9e8d79cf1142b275

SHA256
4978086aca3e6ebf5bdc84494f31a388ce7955fe8bfc043d75cc8306aeb437bb

SHA512
8c3c7d69ed8aa2177bd3e56b85e1cf51e98ab97a551df2e11d9b2fb1907503e5ccace21f895d5a61189d6c351ebd828a779e64cef5114c18905d19a1964ab648

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.816\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js

Filesize
6KB

MD5
31c947a91169986cfa3558f1ef9faec9

SHA1
50d23ff4bb00edce79a4160ede1545c2c87b5a08

SHA256
90f326796832682ebb6533eec08ea34d29e8a864f949e767e3c047b225189a94

SHA512
22f66c131abaa03d3a3aba5f1b03a9f0bc355e528468d9740262218e855c4219e891cfef463e4ab5e4e6559f6c49301fe2a70e8b342f5d3eb9c577ed262bce63

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.14\StudentNTP_Sam-Richter_x0825_WINNER.jpg

Filesize
544KB

MD5
f66e5fa138432af6b40849484545b809

SHA1
25942df987649a1bddda636686064d29dca799a6

SHA256
65b5f21ccdcbdb23f39baf036ae5eb3999f3e88e241bc57a3a4d1bf0fbfda605

SHA512
29a512f0f028b2c4e53f492f6a4fe27cc88b547334466341b08b70724b16e7eaaf70cb0308e251f404aa6b80db972a553438afc3894440e1b1ed0962ec7a5319

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.14\photo.json

Filesize
6KB

MD5
9e7961113273ff27fc0364e1ad5c28a6

SHA1
76d8d1eea3a4f2423d4e4602dd7b254c919e52c8

SHA256
b9d166565aed3ab30c83d2126d636f48a6e502f65f6b09259053fccbcdc48ea7

SHA512
c9de055cabcbb23d24d38c0be70489a1f744c0724fc7da83bb55786cfac60fbe64916bcfaf679f8a9f0fc188f8c51f629816f1a6318aa46fbffc068e4a71fbf2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.7388\list.txt

Filesize
46KB

MD5
23e9b8560f42e31ef78c0bde6b009716

SHA1
f7fc096aa1b885003eebed973ec5480b3ab01836

SHA256
8b90dcc1c8e9faed0b67e32851c1d3949a64c5527f731c116d0e63301cee0ac8

SHA512
d44829eb313117a2dbbabbea2fedc1107f6646193f296c325633375498ed96e7544219bded155a2ad0b32ad8f547bcfa474627c3930a347bb2ef0b6a51a66625

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.7905\list.txt

Filesize
1.3MB

MD5
8c2a244f835dba7e2744d036dc3cab99

SHA1
17dc8195aa16bbc53b3aa998f594194a71d10709

SHA256
cca8cac409696eda37511e4b645da718376c3a1539f644a2a4424975515d63ba

SHA512
ce7f9552ff388fce79f205ec74fa2d6dd79f2ed07817ebc62b57728ae19159b02fdcc517995f324703d257ac838a96283e26e84dc006ec807c7f2d666b935308

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_d162229ada41600759bcbf2415063c2e3280ac347e3d76ecac54aac1e5c89260

Filesize
37KB

MD5
cad235e1eff63eb751d08321362ddfed

SHA1
e39f14eeabefb23d541b729b7b573ce4d711b4cc

SHA256
d162229ada41600759bcbf2415063c2e3280ac347e3d76ecac54aac1e5c89260

SHA512
349d0d63d528bd156145f3cb51de8fcbe5099a11d70a2d4ec69eb63ad60055a78803110cbb9b92610b2672a01d8c1886d38ec91fed04087e00bf7158b1674566

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_82241e36c7e72703a3b8bcae41ac2dbfa985106f50e85621d933549d7245f710

Filesize
69KB

MD5
9ef804538a0ca6ade22f348e48c6b136

SHA1
6e926c6303ea434586467ca56683e4d0a1602a4a

SHA256
82241e36c7e72703a3b8bcae41ac2dbfa985106f50e85621d933549d7245f710

SHA512
6d8e0cc4dae3394ff33a55e6e5b2f59ecb23cbe619be140f25d692087ded660dbdceb3d762e42029946648cc1eb1f124c6b8d1d2f692b0d334a7f3068d1d644c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052

Filesize
12.5MB

MD5
26550720da0033f11c39b9286c89a360

SHA1
2e4b674d0894fb7ce59ba593f918f760e546749b

SHA256
9c5960d21f0263b2ae8cc29534889d287090d59c6cff01b499bde57d53960052

SHA512
f51ccede383bf5a8b2c14633da44c075709a9f69254438dd8d1549550b232e7cf5c4520c6afe45a943d39a02c2b3f8bb54b5f53f5dc3499eeaa8df747d998112

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_c31cb858541552608c7945898ce5fc281e1b723739052b7c367388d354e4164b

Filesize
13KB

MD5
19576612e2d7550ed54986b4a9829037

SHA1
360babf14447a04dec9841e2d30783351c8e11fe

SHA256
c31cb858541552608c7945898ce5fc281e1b723739052b7c367388d354e4164b

SHA512
bb507a57a1f2bad3f0ddcd3f4077e8a019cd8cc044018d917ece426f00656c5b5b7e31b32561f6efa9e438c7a8146ddbaa8ed49faf0db5213e947d347e8d5a6f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_7ac0338c174c039b27bdb03b15506d6cc77f0b87e7f520101b39254b1e72ed0f

Filesize
390KB

MD5
c368c39c81a8b18329a82612fc4d0456

SHA1
86d523d70305f985004e0b2e9027a36b4686cdab

SHA256
7ac0338c174c039b27bdb03b15506d6cc77f0b87e7f520101b39254b1e72ed0f

SHA512
8d236dee39ed2342dab09341d83e86ebaf22a917d85a169276b89d600f5c6cce2dc2359a799543208c5892e3f9fa84c29fa81107ab02adeaad1dd63ab32c35dd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.70359bd935af769b547e7cc168c23ecfc97a60de10f56c775501bd47a51a670c

Filesize
151KB

MD5
71ef860610642cad15739f96707588ce

SHA1
8442c61bef42acb04e748dffe09c7259932f9853

SHA256
70359bd935af769b547e7cc168c23ecfc97a60de10f56c775501bd47a51a670c

SHA512
cae147bfdb2fa0aaf7cbdec3ba9f56b81fc531259e88e898fed9ba32f5284b53ae01a623f91e1593565f0d19350a0b1b67573938bb76877608fbe83b52fdd85f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_fe802c1b5a2cde6df276c408ae543215295b2a05e0d09a9c059a18e78c2b1aca

Filesize
290KB

MD5
14ae153f01381bf678d2ae1007b08bdc

SHA1
f3d1590409914b6c3ccee17a6fc9ad5376891be1

SHA256
fe802c1b5a2cde6df276c408ae543215295b2a05e0d09a9c059a18e78c2b1aca

SHA512
5355c2291b69e5841f28dbba1424c215823345273ded0a464f72f71f524212d0695e88b559999af46774c3038ac01d71ce8e48a7160f7e87d86e8f631684ad99

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941

Filesize
8KB

MD5
be4bd6e1ff889a7bbfa11ba79fd1180d

SHA1
5afa96a648721fc9d5e5679c0beae33986c13124

SHA256
905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941

SHA512
78a2aa93d0bfd933cf3300c2f13004551ddfab104a4ff63841505041510e60d327a803082091b9ad9dbb55744898d2c145b055f495ecc311df65abccf192324f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_8745d7117a3ec56037bc7bf53c7e57ad5fc75461ad5601171a5bc2fc241a95fc

Filesize
71KB

MD5
9a55d4e7ccd41e42e049a14bd89ae334

SHA1
e358c0c87352e54fc844032d54fc43912a4a0f21

SHA256
8745d7117a3ec56037bc7bf53c7e57ad5fc75461ad5601171a5bc2fc241a95fc

SHA512
631159c8838e52ae099f1498546c0a1676c3a82f2d6bba91ae32d00ebaff879fefd5fd6f5c4c9c0109980d9a6497d9b4900badfb1b323805eb4416c4d754bf1c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.b5e8e284d4ec21639f8b0664454cd58eed8301d199c9aebd29b7cec04a07d9e6

Filesize
24KB

MD5
85e082bef559cdc7ee601c2c76aae964

SHA1
e6004ef69dd098a1bf2e558cef2ce91c3b4588e6

SHA256
b5e8e284d4ec21639f8b0664454cd58eed8301d199c9aebd29b7cec04a07d9e6

SHA512
a329f45ae36429d91fcf693123c138bd0824c54f688fd7c16ca4098291ede33efad4ec04066977dcb57a63a46869fc52ad30e3bee81d0cbdaefd981fc9c7ff30

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_6d59519c34a8c034a88712725c4fddf59a551d4d16ba797ac79792624a8e830d

Filesize
18KB

MD5
603a5431529f90d9cec1b205c7b9a25b

SHA1
848a4e4e9dc21d57a73b0282dcf20e343ad505f4

SHA256
6d59519c34a8c034a88712725c4fddf59a551d4d16ba797ac79792624a8e830d

SHA512
7443170fbb349a34b5aaeca1a69cf90e65adb7ed544c3f03ea80dc279089b777c308b50a70bfad5ce26f94c258a5cae08dc19c017c17588b7e35813dacd897dd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_be462db15bdc6483b79c3437ca1c785a943ad3fc3456f3f940c959b03deda396

Filesize
1.6MB

MD5
8a9945cba126cdc9a293aa470c0098da

SHA1
a7f78a95f17cc59981a012640710310ac29874de

SHA256
be462db15bdc6483b79c3437ca1c785a943ad3fc3456f3f940c959b03deda396

SHA512
db2310a49043ba2593cf5cd15655c6ea5f9b69b347b5f2b3c21263240e19342a2ad15b6e5609f4c06c8c767a0d4e2158e6dbb6d3646898e6e9d6a8958e9c1f80

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.6466df4408708e876598b0979cfb9dab9c7d2e5f7b7c4c3fd640ba5e202e560a

Filesize
9KB

MD5
9ecbe039db4254836e425e4938b57e58

SHA1
bb41de776e44f4ef6df6e8d756edede83c6178fe

SHA256
6466df4408708e876598b0979cfb9dab9c7d2e5f7b7c4c3fd640ba5e202e560a

SHA512
2d305eb36eced7de363e0276ef21714c710b667401d5fb3b5e3a0eb20ad6aaf7c9aeeb80745e97dda970d96a149820ad27b68ab2e72a32a66e77bba1ca357e45

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.e232391b105870e13719796efea3025cbd6ac95d2a97b88d4404c92eed8eb8c2

Filesize
72KB

MD5
7b983da743033ea337e2bbd5aa42abca

SHA1
f1bcc0e299ad6319eb3c0d76e9bcf55f8a09b5c7

SHA256
e232391b105870e13719796efea3025cbd6ac95d2a97b88d4404c92eed8eb8c2

SHA512
21c4b8c3bb03f6f214903ee2ce2cbde544af8e7feb0558a4070512d86302fbe3b7762d3b47c9d286e87a4084101f78f4a1d9a0fbae9332cc3f7c1d03090f5455

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.8aed26106d9b12205a9cc12ca05a8e0c347d405a5db4b77f28b3324ead0bbae4

Filesize
5KB

MD5
9ba6b229cb1af40f2e28509d5e31ce29

SHA1
627cf719a46a774ccd2bd4ff15fab4df72f99db4

SHA256
8aed26106d9b12205a9cc12ca05a8e0c347d405a5db4b77f28b3324ead0bbae4

SHA512
0cf99f99eaecac089a39ec9e661419ff4af7e6126465743704a38965c43b6637e6085e3f62c39dd548b7c07ffc6c801df74cde5cda224b7f24a8d2f621e26fb5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_c141f24c506e4655e7dd16450f8c9ac7872fde69605b689bdfd0a9a7f06a1e1d

Filesize
164KB

MD5
34a1fb9cb01328c7301ecd0ef0b7a4e4

SHA1
8e65c118ecbd20065983f705ef26c52b473a6583

SHA256
c141f24c506e4655e7dd16450f8c9ac7872fde69605b689bdfd0a9a7f06a1e1d

SHA512
73d7a3b1e3536d140b7a97e00586bc519c96b44f5e43d36d69fa8674f96d3b33489ed4271560dce47a14f00b128608b23e439daa9cd21a2b33b5f7d6220a7117

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.6c233daf2d0597d69d6be873746407a4bfb34bc8c92e9d4210a078ec859f6a53

Filesize
5.1MB

MD5
7ecc63b8c94ac071e711f2920c929b63

SHA1
2c9199f6dc6155606c269ecde8906e8368b7493f

SHA256
6c233daf2d0597d69d6be873746407a4bfb34bc8c92e9d4210a078ec859f6a53

SHA512
cadc35ca6860f604e408d3f1c4cd4f52b76d667003e438a05cdf055c10791c499bd5c0d11783289aa4093f7086fd7330f7c97926103b342e35ab2720d3ed5110

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1656\photo.json

Filesize
996B

MD5
09bf7b28efab8cb0ec0193251b322e2e

SHA1
329143ec736c734a22cc493296eaac1a420f9d55

SHA256
3ef3620681ee705ddb178f8e6bfc341d3efc87e6664c55ad57a87d7b5ee39cd5

SHA512
aa286558c5f21e2f9474fe6e92d121d37a46740e679e84ec73e0fb9f42b236dde4e26238c96ee32c7a4814386227520713e1e707e2d5c4981654b0448d97b204

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.60\list_catalog.json

Filesize
73KB

MD5
cd16a584d865a33a8b830e8d21708e26

SHA1
87f0d3314960a12fcb88bce93b8314367aa98814

SHA256
33cec7ea9957a23c04e73f7a7bed7829d9d94504893cbbe66923dd7e3cb98b31

SHA512
dd220f5baab6b837ece2b521ab8724fcc2177ea6913d0a07492bc1879712d0ee0fccc37c927a0f2ebdb18d0ae42c2d8f2b66a9dc608854112769063be17caafb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.102\dnryisldmaqljgwaxeqbuuhuvrbboqlf

Filesize
235B

MD5
a04be1657909390ffc500ddcd67bcfd0

SHA1
ebd0f86a6296f02dda91e6961f20a8a6d945cc47

SHA256
ed10faa4269c0c53471193a079696b858e8f38cf486a96729881be822d4204cc

SHA512
5f0e84e5a1423d7e1252d2d04fe0a6e1475ce6a0fa2b9fda22333d85a7090beda2e7d4c5ba44e0a95e022abd581eb292707afc8dfa25ea4f4e7d924ada00ec0c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.102\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.6841\list.txt

Filesize
5.5MB

MD5
ac32bb7e7fb590742403ea56919cfb06

SHA1
30646279ab34cf30ccc5e0e163ff2902b939b94c

SHA256
bd7685238644730fa3872275d77af9633e2397bc4ca951e84326435a77707ba6

SHA512
dd5eface6760c9aedfba4146463f706ee7ae702852d5d8c8e159e415acc0b824ab7ff373ab3747b2c8718b52fe6f85e2a11d9c208504cc7e501129f51ab4d248

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.93\resources.json

Filesize
988KB

MD5
048c365ac6ba1a7bf2bff14dfd0aebd9

SHA1
ed067811f2bf3b7d85fb4fa371b99af1ed76ecb6

SHA256
d19183aa848ce97c4b2f13d3b88c2f4cf55694230d24da3b7e1936cc2f4e287c

SHA512
cdd104e0489b56c4b8fbb092c2c93310c1b74c90998a46deefe2ae397bf6cd1e6b3a3d61882cac8c2d392e2c279d4ce256c9ba784765dd1e5fc783c04a5f4802

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
563d6df2057a969ae12c592577c2a8f3

SHA1
45b18cb8764ef9dbd06b3b5687529fd0c4717ed3

SHA256
a854c895ee064522ccc4d936b4f8a2c91b5697037a6fcb66f7425ffbb4cc2984

SHA512
89788e7d436bba97ea60538a98f7259888418b091397aba72962f88e99ef6e73e600494e9603f487e56819f10a9c367f1ae90c12a40e73ab21a8629a620e86b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

Filesize
220KB

MD5
022cb1321d4db9ba1c647bec5727cb5d

SHA1
68a2894ffe56abf75665fe77a993586fff300655

SHA256
aef5ee35e156806b96b27646eb1b5a6b41dfe6f6958d90424acf0dec5a2a8714

SHA512
5a668ef915ee19ddd892dfae449566829c607bfd4596534b12b88f7a153b626634311201ae853e88ecba80b079e64c4068ac1ac6cdc755efdc6113c2e1fa2505

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
ef363ba79d31bac3fb34651306fca194

SHA1
6977f74de1a0276564f0dca4909a60b86a71edd2

SHA256
e2ebd142b61c4e899de96b89e313f7f8974e5aa25fa478b5fbb925170e6efbcb

SHA512
80df40f4af14cef1a6372da31075ec70858c0cc9c9d86691594b56e7a022595107f7c14a7a5cec5a13446a80b5874fbb1753b8c19d41d59b7e7e32a9994de6c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\BF27C53A6304DE459D0C07883A9FCAC5D8FF4132

Filesize
60KB

MD5
4a5057118ee85bb57253b702eb59030d

SHA1
07ecbea241fb7642b7a3d80558a21e019fd31343

SHA256
2c4e85b8e3baea9b28cf19c2eab18c5f09c3b7afbea64c9151cd84499b8b28b5

SHA512
a65087c948548f50ecfabf8cabcb5f00d2bcac2b23ac1984a683cf076e24d8619dd91e6046292a212bdd29789ea8d974ad241fe5d432bd1ad3731a37e2f8358f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
ae5abbd40e487828f07ec52b9a084f31

SHA1
adb455d959e1e804e441396339b5a311c95e2404

SHA256
52a8f6b5b25e11556028170bab872f28147ecc9255cb5a4c036b5800b87ac271

SHA512
9529ac26f8997dfd410aba074e779daefb1699f652424a4b95376534ac29933463eb147f26376eef37742e2966d8f984287d6c35c7b36eb2f36e6a488f4db42b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
aac330d05f2e3aa185cb0d0974df901e

SHA1
1a12ba3cb701dd59bc241278389a0c4ba7ac2006

SHA256
c47c04852504f398f87d792306ac9a79bdecae2cafa1b9dab127d629383cc690

SHA512
aa8e1bca6aab91274e57ca8bf2f83dc7340e1280c993e36355bcdbf333545c4d8d649ed83d118090d7c0a7a7907de28595f9a6b6f2a93573414a565b8299c944

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
de48edd73b4d4dab7987dabe9bc06c1b

SHA1
483a087b7ca59ff8f9b3b70e50703b40db4c673e

SHA256
03dc9204e9e1cd8ede9139cf5e3ca1f2d90487260040d7a118d3854758c4fb6d

SHA512
da09745344e2e6ee1d1905527f4e94d1f56f1552f20f9ac1e3dba0d8db24ce9abaf3f48a0ad18fc7fb8b81651dc2a651663660e19c780a2a3a45771f7dbbba82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
b361a328162972c7d76112738e253c41

SHA1
7b251d958bb280634843492b82dc68b745cd917e

SHA256
a37786a157f8b2382f15f2302bb2f1a868f59cceae59e7a2d4e8a811a094b2be

SHA512
d19681d1a54eff0728365e7ea8f4dd45c20c8605d3387469e5316e7b35598c842c3483489138e5e19d2196cb020ed9ef877a65be623d921098020e16b810ca21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
b6e02ad9921496df07624dad856877d7

SHA1
bf2bf03eec6f9413e81fe81b02f725dfad950d8d

SHA256
7641ace6d2d4ef882bbc53e77bf164a274323700921abc160badf2836928adeb

SHA512
860d5fe74f3a80924f2e0a8e797a5c390f19c43cf83af31b70658864aef779fdafe7594400b2391b31d4a9833c805d95ca6a15553c744d4e1547df35286b5b39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin

Filesize
7KB

MD5
b44b6de92230119cdb3bb6391e0866a6

SHA1
98032731a8553268e1bc0f57591d37a808a93390

SHA256
2ede20f8611d95edcf75e76223da76a43b519fb2ba3b7452c4dfa9912a2cd0e9

SHA512
e80d67882e0fc2bf77e539d065492b0fc8a119f484ac06300b5ea741e91abac23740b653cb4254d497f972ae9a0d7c36b67bf82d103c23697ac6887dbf996d7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin

Filesize
30KB

MD5
f78f716a9c42f2e39afe17fc444d4cf5

SHA1
384402b447dea43d346a3558f948adde23043f0d

SHA256
e1303aac655338267f7f926019daab709c0203261379de8ade11d45470db6eac

SHA512
3e41ea49c93ef35150816f86e2dde2ab944f4cf9d6267dce98b4844e358b5c3d3f8699a7b6d0149011249ee855a4ad1ce533da5ecd01a59411dde46c95bc8b92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cert9.db

Filesize
224KB

MD5
a679fd1e20c50e8fdd41633a3bff7a3d

SHA1
3c7f6e905512071829229ea8d190fe762286ae4d

SHA256
9be3a69410b492a08e662511c68ff27ca9a8ac47f5ded1f44d7d8f5b95470181

SHA512
51f2388c6d64cab23e8d8bac0f8f0868075db1f92757d1587e08c3e4786d3292cafd1f95106c83c8b082d3e60429f83cf4514e449708df7e3e4810631bfcc643

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
b764fee46b289ef0e5a6d4c26655e2ec

SHA1
4895eee406c1d568c247e4e2821606e592c9194a

SHA256
a7219e74ee61667287cebe07165cf03f70a8532bbf596df5ead5948111c9ec6d

SHA512
b8746a35edb55d81f20913b93c9a62daff37a75322b0cb685a4d725299b66ffa4c7aa642722a6ce8efe891b9dfebb44e7a46dccb630c1b81999d4b8a92c8c6e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
ca5fd798990af15744877862c15f2a65

SHA1
a70b090c46200906baace6a7885f5c6b50a9155e

SHA256
3b617679399f2ad49abd524e94b8099610c386ca8dee2b170e4ac81163c531a2

SHA512
ea0659457a9c6e2b5f1136b8d1b0a3116f5d169d07ef3f4a444b963a270db4f8d9601040b36d25bc40c6deeab8455b78d896f47499c9b883dcbccda78bfbe033

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
35KB

MD5
fe9ec659ac8e4d22b0b9af2340a90768

SHA1
e8537c59273d03fd93e172d8510e5de40634aaf0

SHA256
b90fd45301016802c51b8498b9691f56a0c528ffc46ee4f6f1e27e3177b8a991

SHA512
e81077adc3f7f66cdd9ed451af669f8044d5192bb25d04a0a1d86cda46f414bf7445ec3e4a62f5302957c93c305762f26cd1a11538711a984cd2743af2b4a737

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
0f0af9b4f112727ae78c71643d096842

SHA1
38cf2e1fef8a75ee41e74406aa701fda3086f263

SHA256
e42b3959fe6e963a02568e238db042a67938e27911dc8b9eb4013afbf473502f

SHA512
9bc4ab67dcdfa7aa90c6aed62a23bde485b85c39a5c58d729215fa7adff46845905e7d87c4011dd5183a43f22ac6db46618ba7f9c6b527ddbace1339c3996d53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
bbcca5f33682f53306e620f5e658078f

SHA1
e63651e280a649a02528cc96036579f4652232a1

SHA256
b1232ec2fc774636b51cb7ffb002ab4101c024b6d82e537f75931ceb73fa3291

SHA512
5dd573f491843159952cd5cc1641421f4a8839386b83bab0a557a8c1f248b34185fa0fe7873fef43007d8c4c88edbf83ef8fb974d727cd0c0d2dd45842c0b6d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\924ddc6b-9d0a-4ca0-8844-02353242e8f7

Filesize
659B

MD5
b34a431a0eafc48878beea52224b0a7f

SHA1
551cf6079b20718072267608fb1913cb5f622ce9

SHA256
5058c886268833f0ca32ef14940543b5138e132f5691bdc1d5659f3b688804d9

SHA512
10086f1cba317a6ca2b82d74dc19fd5298fed2ca2cc199d82d0a8e6829271191623ca21f66ad69d86e9b78e3e2e18d975074b9d6d1df608b16d38fc5395e22e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\cf0b4a1e-82a6-4e54-9599-479c0e1b7304

Filesize
982B

MD5
b37cfdd1a11a9f20bd2eab19dd71b058

SHA1
13178b335f243b3adb4b5120d63d2eaeba2903fd

SHA256
270f3144f92ce2652fdcbc27007119004c4436a0e199cbb1eafab4f79eb2f4b5

SHA512
1cab5347b2220287f93a88f5cb62041845ba2a4161960388490049b121559a75665928c62a588092c0b829af4883f8c6e2d996d41b16c22c8465cba1391a4548

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

Filesize
16KB

MD5
ba8d2c5780ee70edfcab77377615205f

SHA1
3f9a95efd56424c1a14e747652648dbe8cabe873

SHA256
6b2f757762a7b11e7055c0a6c13d9d20a8501327b8f240326536273ebef7b648

SHA512
ffa8cabd469ae151854de2e5ccd4db4680c753c8e256aa919ef76d85f7757bb5718b0256a05c9457af7d7f1f0bfdb485b58443e71e5c361930e6e05269818622

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

Filesize
16KB

MD5
8c3421937d55ec851f025b6f152e0bb7

SHA1
4b21a14d07c73b839ed540b2f1f5bdd3f894a55b

SHA256
9872a37dba87e15592ba2a7eaaf09dcf075ce97ce4730b98b7fa99f828800428

SHA512
f328b48e2914e98669d8218ed3e3d11d08363d3403a8af6480ec4a52fc18079d11d4c42b37834f2712841ca744407841bade00d95c3747428bb56ea1e85ed7ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

Filesize
8KB

MD5
8be23d922756d7238b7a8e2058917118

SHA1
15a3117b45f942683f990396a6b51c9d9e5f9cc0

SHA256
321849028f3abc3f1369010a32932467ba5d8e9b5abd8a9fe7cc8e49d0df85bd

SHA512
ed6fb0cb10579fab7de7654290f2870e941f4702e011ca9f756f3349193271a822d7e11d51f98f090e54a7c0745e54d308fd49f9fbda281fa101a0f8c01f70f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

Filesize
11KB

MD5
e2b3c78788103c734b40b909116de7e1

SHA1
ee54dd3b40881e4d1fd154980ddd622b410df7f2

SHA256
96869cde1acf960fbbaafd677d4869cf692c2d5b8b033a5c00601cc75e05fceb

SHA512
993b7e67807da3550cb477efbeb35ab0bc0838e5d8778e143e5c9331f770198f6547b829f0cc6bce4d74a512f5c7d374024530de60771c4527583c7dd9e06a70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

Filesize
13KB

MD5
2b634ca70fb502a760b6224c242932a4

SHA1
250ddf14b85851553af3db2938abe52c72aebbed

SHA256
db8b27b0cc7b8d12f90b988a06db7a66f281691a44593d69ee21e946ad155bba

SHA512
4097eeb623021519067a7e50903dceba1d2af98a587aa2f1fc1d123a5dd0f2f6018ea5ac78eac408ef8a69fd370b9c760fbc3f44de6512871d36cd8ff0cf9f15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
f3729bb56321595e11e4f247a9392720

SHA1
9256c005ce857f42388149b310aa98af459ef6bb

SHA256
da94ca38ee2ba5330cb1f201cb14f7f5954d2db16e37380b327d5b5dc2258514

SHA512
2c19c5f35fe18a4240f55ca4589ff050d2ead11c3d1ae400c40f5ac712291d43d636cb2f2b067f45eb4cd63c326ecff3fd702aa833f1468d0e25edbedfd5bd09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
a6494785e40529d095d225ed84a4495c

SHA1
b62d3497bba3f1d1d61f03fb608a56213f6d7fca

SHA256
9737f426a57031d23a556e8dd090104427d37b2d53688d3ba47194293893d5e0

SHA512
c3a375d023981a8ea52a7143aac653a84fb25fa947002dbf6b9e1296666cbbaeddf7f5881de41c6b0bc48e25ea547173b99d2680bbfe609e7f7818ecd4f9316f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
641266c821dc0e3c65496135713e5649

SHA1
b8d45a40bdbe1478677414dae5706eda0d536911

SHA256
c5645f0782ce20e8918357e44896503b8aaafa32e1807abb5871b2ef28d75d01

SHA512
8e2454281431e7c9c5f0d70c580a54f538a1261b11db36200e34021a415d96dccf0f2fea8ba962da9b91999504749911638fa69dea59597a9c5ffb4e89f19029

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
e8ecd61bf44860eb5db51d7b7d39a79b

SHA1
794bfe869b0b433ceac95706fe88d982fe5e360a

SHA256
74ebd362e7ba312869c156c62e80708d049a337a2d91bc542549b15bfc634a4f

SHA512
94a4c761d2a1ac74d7c3c6e6f00caa2ee91deb712bee2b06bba8421dacb619264fa64081c58a7aeb1fe9c89676884be4e7801fa719ad2181474a7d56a45b9559

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
f6b86c0f17beafa2a99ae67b22bc3a62

SHA1
48310430bbeb21b02e70207c07435c987a0396da

SHA256
1f284c20d71ac9e2ea23c187c1f2f74da89a0b1789d243c459017d8f50ac6d42

SHA512
6de50940f588cf3fd4be940ede72717ce8384a13601f5b06404780d9d61b83fead6287fc84183725185dfbc28a7e59c21678c56fcacf32854b7f40448bcef10a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
9edccf6e4257ba6fbf80d7d3f7bc6a0f

SHA1
ccd5c2030f89bdfdb0f0e531e7b2fe95b15a194f

SHA256
1b0bdf83006e86748bbda284ad4bc3b344ad3368fc1161c9d7412a130d2562da

SHA512
76ae5fd8b24e1bda37ceb0a3a0b74c7b06f75fb12ea8abcb4a73b8752956a39d79f416fc7af905d9ddbb2e21f714aa91409e043d1685333c54b3a1c92625975a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
d8fb5eba23a68235ffdc1a328c69cdc7

SHA1
164ffe145a5970e71976135078e9ab940101b3a4

SHA256
682934d1f175bb7f7c47a978bd6a272b0ea473987379321ed559e2917b7366fe

SHA512
56bea9bd91fe887a044528335dfa2aebc79a32b4d61e2f82089b57d6eab3f66063c28531e49eaf0b43b6bc3b81fb6f461b2a63837e6d90a70a38ee263d9622b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
ab5b91109a1b7310c8312988604ed09f

SHA1
50e14a29cc4c78ce0e4a18173acf912fe336f408

SHA256
c3a7ef0f684dcdb9a88dff9137550a1db671ed8c88cc00fdd8d9991b19788c62

SHA512
71292188c6b67d8f5898f5cacfdd35c8cd31bb3fd634a333da3c8a6dbd49ac8f89441fc2624a054769d043ea066f8a2d94ac58d6d93e8e756edaec84afcb4e27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
f45ea38c2c2c9a2c8cec40c6051f8ede

SHA1
49c366f68031b1d199cf1336c16adf4ff5f536e0

SHA256
d1332ee7f559527997c2316ada42a6c003feb453a1f57be18069d9759fbe9dd8

SHA512
d8d049608ab6a6f360006d9da6bbb965f9fe66dc14851a2790a5789858086645df748bd974d61efeee8980f4b0c80078fdf71c80a806bd0ef23f7996ad60709a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
f57352b1526e9bb6623f534f8006d221

SHA1
f132fbafd688718baa5d6eb42c051a89161034a6

SHA256
29331d404de703035729107bd899e6dbb13dbef6117b14e11123caab8484a927

SHA512
706cdfd68677c18e9a05059d461807142f9066bb82b70bba4f75c8433e842075640806dbe6d489c5ad2faf4913b2c0b6546d7a680776c2d554947971adc7a758

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\storage\default\https+++thepiratebay.org\cache\morgue\141\{119d31ec-6f81-48b3-bc21-9f1c23308e8d}.final

Filesize
59KB

MD5
a249b5f9f1b26641c11222bc42737ff8

SHA1
64bcf912e0ba0f4a0951eff039ed747cbf043ffe

SHA256
0e994f64a16f4d824b37e6771033bbd46efafb37d6a36dca289646e1ee47e86a

SHA512
1b7a51360c83ce09a7220ac9668e4c8a82205f8b35df809fb6be72499392dcc17fa9a9dec0ed8dd28e024304045fca9871f62142ee79b90a792f9e04b0a9ec4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\storage\default\https+++thepiratebay.org\idb\2728594770keeryovtasl-.sqlite

Filesize
48KB

MD5
afc3a64ed6be2996e25e1cc159a833f8

SHA1
3acf654069692d6ea84e1da1eb26f6317c5d3dfc

SHA256
7afae442276e88d543099eecfe677b6782e74f03ef7b661164909c5056a2d37b

SHA512
65c0f45a1c9e3fd9926b89d9eab881ac3bf11cf46a36d531fe17a7c25cef2cc8b8e3dd4e35fce4641b7e3e32781de9c0c4f74b3a96105f6b1b98ba4b8f57cc2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\storage\default\https+++thepiratebay.org\ls\usage

Filesize
12B

MD5
4b80e7b33ba471766aaa22e39c6621ec

SHA1
8947727dcd27b26dcb25f54d84be897f589b035a

SHA256
d6dd442e2a47eabaf49c0ea5efced871a56f6d69e6ebb9d62553729598492b42

SHA512
78d1d826432ec7ff1cadeb98784267d821a1e63d9f11b070baffc851acfb74aae73fe318f0465126ac9df3e8172125b2c3871f01ae4c28e8cbb55fbdb5dfae34

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.ZlkLSjdH.exe.part

Filesize
1.2MB

MD5
f53f9124eb5efa98fbc32cb489f5459b

SHA1
8a6095a94b9b80abecaad7fdd7c461bd6edd837d

SHA256
ea45663eb7a87ae2f908c9760c1ac6b91e702b3f19072e94ea532da7b10cc76a

SHA512
1113ae528de0c033b977780f09d940aac9f25d07144f07d13e8a3d6927af2c3d3f11ca3d8075de5e49dd0a3eefe7fe8edaaf0f4be1f125f8c0f0f9987019c1bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 234840.crdownload

Filesize
64KB

MD5
8462a9b69c76a9603a4143d51fbc201e

SHA1
4473590f93f94f22c340a354516191c3c0ba6532

SHA256
fe4bcb4251f77375119a936c80fb36221af0c5105e840e2e115d47f96cb437c8

SHA512
2f02ecdb06760a093f4d8e6f04c97138695b064db8cb2dcc4af9b47c829852f38b77be9425eb2f3e3e36f85da181c116c829921fa35ae68afc57c728d5393570

Download Submit
memory/1344-6368-0x000001958F700000-0x000001958F730000-memory.dmp

Filesize
192KB

Download
memory/2320-5744-0x00000225F2720000-0x00000225F2750000-memory.dmp

Filesize
192KB

Download
memory/2660-5742-0x000001D707410000-0x000001D707440000-memory.dmp

Filesize
192KB

Download
memory/2672-5743-0x0000023FBB280000-0x0000023FBB2B0000-memory.dmp

Filesize
192KB

Download
memory/3020-6697-0x0000011B67000000-0x0000011B67030000-memory.dmp

Filesize
192KB

Download
memory/5148-5747-0x0000020319F90000-0x0000020319FC0000-memory.dmp

Filesize
192KB

Download
memory/5216-6081-0x0000021096FD0000-0x0000021097000000-memory.dmp

Filesize
192KB

Download
memory/5216-5102-0x00007FFF23E20000-0x00007FFF23E21000-memory.dmp

Filesize
4KB

Download
memory/5216-5101-0x00007FFF24800000-0x00007FFF24801000-memory.dmp

Filesize
4KB

Download
memory/6156-6055-0x0000025097C70000-0x0000025097CA0000-memory.dmp

Filesize
192KB

Download
memory/6160-6054-0x000002A8069F0000-0x000002A806A20000-memory.dmp

Filesize
192KB

Download
memory/6384-6449-0x000001DE329E0000-0x000001DE32A10000-memory.dmp

Filesize
192KB

Download
memory/6748-5750-0x000002003D720000-0x000002003D750000-memory.dmp

Filesize
192KB

Download
memory/6772-5748-0x0000019E67A00000-0x0000019E67A30000-memory.dmp

Filesize
192KB

Download
memory/7056-6329-0x000002762E360000-0x000002762E390000-memory.dmp

Filesize
192KB

Download
memory/7208-5749-0x000002DFBBAA0000-0x000002DFBBAD0000-memory.dmp

Filesize
192KB

Download
memory/7432-5987-0x0000029548660000-0x0000029548690000-memory.dmp

Filesize
192KB

Download
memory/7520-6748-0x000002A16D0A0000-0x000002A16D0D0000-memory.dmp

Filesize
192KB

Download
memory/7596-6050-0x000001FC675B0000-0x000001FC675E0000-memory.dmp

Filesize
192KB

Download
memory/7620-6051-0x0000019A6E870000-0x0000019A6E8A0000-memory.dmp

Filesize
192KB

Download
memory/7868-6052-0x00000281D24B0000-0x00000281D24E0000-memory.dmp

Filesize
192KB

Download