hxxps://google[.]com

Analysis

max time kernel
1799s
max time network
1803s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

8^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\129.1.70.119\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	BraveUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	brave.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
1128	BraveBrowserSetup-BRV011.exe
2836	BraveBrowserSetup-BRV011.exe
1832	BraveUpdate.exe
2468	BraveUpdate.exe
4104	BraveUpdate.exe
2908	BraveUpdate.exe
1640	BraveUpdateComRegisterShell64.exe
2216	BraveUpdateComRegisterShell64.exe
4800	BraveUpdateComRegisterShell64.exe
4408	BraveUpdate.exe
2484	BraveUpdate.exe
3540	BraveUpdate.exe
4844	brave_installer-x64.exe
4056	setup.exe
4604	setup.exe
228	setup.exe
4928	setup.exe
2256	BraveUpdate.exe
1780	BraveUpdateOnDemand.exe
1484	BraveUpdate.exe
4592	brave.exe
4824	brave.exe
824	brave.exe
4292	brave.exe
384	brave.exe
2980	elevation_service.exe
1408	brave.exe
3532	brave.exe
1740	brave.exe
4048	brave.exe
3520	brave.exe
5376	brave.exe
5404	brave.exe
5392	brave.exe
5348	chrmstp.exe
5648	brave.exe
5920	chrmstp.exe
5128	chrmstp.exe
5964	chrmstp.exe
5212	brave.exe
5640	brave.exe
5628	brave.exe
5448	brave.exe
5700	brave.exe
5592	brave.exe
5516	brave.exe
1004	brave.exe
5700	brave.exe
3860	brave.exe
5404	brave.exe
5648	brave.exe
5504	brave.exe
1552	brave.exe
2420	brave.exe
2468	brave.exe
6124	brave.exe
4744	brave.exe
2528	brave.exe
4320	brave.exe
5420	brave.exe
1408	brave.exe
4204	brave.exe
5208	brave.exe
2644	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
1832	BraveUpdate.exe
2468	BraveUpdate.exe
4104	BraveUpdate.exe
2908	BraveUpdate.exe
1640	BraveUpdateComRegisterShell64.exe
2908	BraveUpdate.exe
2216	BraveUpdateComRegisterShell64.exe
2908	BraveUpdate.exe
4800	BraveUpdateComRegisterShell64.exe
2908	BraveUpdate.exe
4408	BraveUpdate.exe
2484	BraveUpdate.exe
3540	BraveUpdate.exe
3540	BraveUpdate.exe
2484	BraveUpdate.exe
2256	BraveUpdate.exe
1484	BraveUpdate.exe
1484	BraveUpdate.exe
4592	brave.exe
4824	brave.exe
4592	brave.exe
824	brave.exe
4292	brave.exe
4292	brave.exe
384	brave.exe
824	brave.exe
384	brave.exe
824	brave.exe
824	brave.exe
824	brave.exe
824	brave.exe
824	brave.exe
824	brave.exe
1408	brave.exe
3532	brave.exe
3532	brave.exe
1740	brave.exe
1740	brave.exe
1408	brave.exe
4048	brave.exe
4048	brave.exe
3520	brave.exe
3520	brave.exe
5376	brave.exe
5404	brave.exe
5404	brave.exe
5376	brave.exe
5392	brave.exe
5392	brave.exe
5648	brave.exe
5648	brave.exe
5212	brave.exe
5640	brave.exe
5212	brave.exe
5640	brave.exe
5628	brave.exe
5700	brave.exe
5592	brave.exe
5448	brave.exe
5628	brave.exe
5592	brave.exe
5448	brave.exe
5700	brave.exe
5516	brave.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\resources\brave_extension\_locales\pl\messages.json	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_660855761\f0a5ce86-27a9-40ef-bc3a-37d4f123a103.jpg	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1623070637\_metadata\verified_contents.json	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\goopdateres_id.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_vi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\resources\brave_extension\_locales\bn\messages.json	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1233306355\resources.json	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\goopdateres_pt-PT.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_tr.dll	BraveBrowserSetup-BRV011.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\gui88DB.tmp	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\100475db-a6a6-4aa9-9ddf-f51ecc8555a8.tmp	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	chrmstp.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_447483947\StudentNTP_Sam-Richter_x0825_WINNER.jpg	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1793503934\manifest.fingerprint	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\goopdateres_ja.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_bg.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\Locales\et.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\brave_100_percent.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\Locales\pl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\resources\brave_extension\_locales\et\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\resources\brave_extension\_locales\pt_BR\messages.json	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1475785158\hyph-fr.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_es-419.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pt-BR.dll	BraveUpdate.exe
File opened for modification	C:\Program Files\chromium_installer.log	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\chrome.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\setup.exe	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_132703595\_metadata\verified_contents.json	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_sv.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\Locales\mr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\Locales\uk.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\vk_swiftshader.dll	setup.exe
File created	C:\Program Files\chrome_url_fetcher_4592_341805018\extension_1_0_222.crx	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1475785158\hyph-und-ethi.hyb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveUpdate.exe	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sw.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\129.1.70.119\brave_installer-x64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\Locales\sr.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_447483947\eric-patterson-1.jpg	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_hi.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\goopdateres_ur.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\Locales\ar.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_286151017\1\localhost-permission-allow-list.txt	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_286151017\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_447483947\StudentNTP_Aurora-Tennant_x1140.jpg	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_461522486\crs.pb	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_el.dll	BraveBrowserSetup-BRV011.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdate.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe	setup.exe
File created	C:\Program Files\chrome_url_fetcher_4592_1897773534\ggkkehgbnfjpeggfpleeakpidbkibbmn_2023.11.29.1201_all_acqy67ncydhwie54b6ghdtndubgq.crx3	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\goopdateres_ca.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\resources\brave_extension\_locales\am\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\resources\brave_extension\_locales\fil\messages.json	setup.exe
File created	C:\Program Files\chrome_url_fetcher_4592_787546978\extension_1_0_99.crx	brave.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_286151017\1\scripts\brave_rewards\publisher\reddit\redditAutoContribution.bundle.js	brave.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\goopdateres_ar.dll	BraveBrowserSetup-BRV011.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4056_330994064\Chrome-bin\129.1.70.119\chrome_200_percent.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\BraveCrashHandler.exe	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fa.dll	BraveUpdate.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1475785158\hyph-hu.hyb	brave.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Temp\GUT188D.tmp	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateBroker.exe	BraveUpdate.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveCrashHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV011.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2256	BraveUpdate.exe
4408	BraveUpdate.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721757460489106"	brave.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13B35483-DF37-4603-97F8-9504E48B49BF}\VersionIndependentProgID\ = "BraveSoftwareUpdate.PolicyStatusSvc"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods\ = "4"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachine	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32\ = "{DC314587-1FA4-4723-88D9-E9CD80D37237}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ = "ICoCreateAsyncStatus"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ = "IApp2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\AppUserModelId = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\NumMethods\ = "16"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassSvc\CLSID\ = "{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC314587-1FA4-4723-88D9-E9CD80D37237}\InProcServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\LocalServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\ = "Update3COMClass"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ = "IAppCommandWeb"	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ = "IJobObserver2"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\LocalServer32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{576B31AF-6369-4B6B-8560-E4B203A97A8B}\LocalService = "BraveElevationService"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\BraveFile	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ProxyStubClsid32\ = "{DC314587-1FA4-4723-88D9-E9CD80D37237}"	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation\Enabled = "1"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ = "C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\psmachine_64.dll"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\LocalServer32\ServerExecutable = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\129.1.70.119\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\ = "Google Update Process Launcher Class"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods\ = "9"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\VersionIndependentProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\AppID = "{08F15E98-0442-45D3-82F1-F67495CC51EB}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassSvc.1.0	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DC314587-1FA4-4723-88D9-E9CD80D37237}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32\ = "{DC314587-1FA4-4723-88D9-E9CD80D37237}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32\ = "{DC314587-1FA4-4723-88D9-E9CD80D37237}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{576B31AF-6369-4B6B-8560-E4B203A97A8B}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC314587-1FA4-4723-88D9-E9CD80D37237}\ = "PSFactoryBuffer"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods\ = "4"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC8833DD-4C45-4538-B09C-013B81436299}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents"	BraveUpdateComRegisterShell64.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\BraveUpdateSetup.exe\:SmartScreen:$DATA	BraveBrowserSetup-BRV011.exe
File created	C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveUpdateSetup.exe\:SmartScreen:$DATA	BraveBrowserSetup-BRV011.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 564730.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 580118.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
2124	msedge.exe
2124	msedge.exe
456	identity_helper.exe
456	identity_helper.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
2880	msedge.exe
2880	msedge.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
1832	BraveUpdate.exe
2484	BraveUpdate.exe
2484	BraveUpdate.exe
2256	BraveUpdate.exe
2256	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
2468	BraveUpdate.exe
4592	brave.exe
4592	brave.exe
5344	brave.exe
5344	brave.exe
5748	BraveUpdate.exe
5748	BraveUpdate.exe
5392	BraveUpdate.exe
5392	BraveUpdate.exe
4752	BraveUpdate.exe
4752	BraveUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2468	BraveUpdate.exe
Token: SeDebugPrivilege	2468	BraveUpdate.exe
Token: SeDebugPrivilege	2468	BraveUpdate.exe
Token: SeDebugPrivilege	2468	BraveUpdate.exe
Token: SeDebugPrivilege	1832	BraveUpdate.exe
Token: SeDebugPrivilege	1832	BraveUpdate.exe
Token: SeDebugPrivilege	1832	BraveUpdate.exe
Token: SeDebugPrivilege	1832	BraveUpdate.exe
Token: 33	4844	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	4844	brave_installer-x64.exe
Token: SeDebugPrivilege	2484	BraveUpdate.exe
Token: SeDebugPrivilege	2256	BraveUpdate.exe
Token: SeDebugPrivilege	2468	BraveUpdate.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe
Token: SeCreatePagefilePrivilege	4592	brave.exe
Token: SeShutdownPrivilege	4592	brave.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
5128	chrmstp.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe
4592	brave.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1728	2124	msedge.exe	82
PID 2124 wrote to memory of 1728	2124	msedge.exe	82
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 1576	2124	msedge.exe	83
PID 2124 wrote to memory of 5064	2124	msedge.exe	84
PID 2124 wrote to memory of 5064	2124	msedge.exe	84
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85
PID 2124 wrote to memory of 2648	2124	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbc5046f8,0x7fffbc504708,0x7fffbc504718
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,7222011063425946875,6501565006132718690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Users\Admin\Downloads\BraveBrowserSetup-BRV011.exe
  "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV011.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:1128
- - C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2468
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4104
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2908
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1640
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2216
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4800
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4MDk0MjE3Mi0zNTBGLTQzREYtOTIzNy03REZFMjNEQjg2QUV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7Nzg3OEJGQzYtRkZGRi00MjJFLUI1NUYtRTZEQjY5MDZCRUJGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE1MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI4ODEiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4408
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{80942172-350F-43DF-9237-7DFE23DB86AE}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2484
- C:\Users\Admin\Downloads\BraveBrowserSetup-BRV011.exe
  "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV011.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:2836
- - C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3540
- C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\gui88DB.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4844
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\gui88DB.tmp" --brave-referral-code="BRV011"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    PID:4056
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=129.1.70.119 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff6bd8b6348,0x7ff6bd8b6354,0x7ff6bd8b6360
      4⤵
      Executes dropped EXE
      PID:4604
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\gui88DB.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:228
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{2AC954B6-A9FE-497D-AF15-2332A07FF329}\CR_3FE83.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=129.1.70.119 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff6bd8b6348,0x7ff6bd8b6354,0x7ff6bd8b6360
        5⤵
        Executes dropped EXE
        
        PID:4928
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins4MDk0MjE3Mi0zNTBGLTQzREYtOTIzNy03REZFMjNEQjg2QUV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7RDUxMjA2ODQtRDUxMS00NzY2LUFBNEYtODhDNzYyRjE5MEFEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjkuMS43MC4xMTkiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3JlbGVhc2Uvd2luLzEyOS4xLjcwLjExOS94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEyOTQ2ODQ0MCIgdG90YWw9IjEyOTQ2ODQ0MCIgZG93bmxvYWRfdGltZV9tcz0iMTk2NDgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjUwMCIgZG93bmxvYWRfdGltZV9tcz0iMjA3MjUiIGRvd25sb2FkZWQ9IjEyOTQ2ODQ0MCIgdG90YWw9IjEyOTQ2ODQ0MCIgaW5zdGFsbF90aW1lX21zPSIzMDEzNCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2256

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1780
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1484
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Program Files directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4592
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=129.1.70.119 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fffaac09c08,0x7fffaac09c14,0x7fffaac09c20
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4824
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=1976 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:824
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2256,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=2280 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4292
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2444,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=2652 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:384
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3484,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1408
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3500,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=3568 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:3532
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4224,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=4236 /prefetch:2
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1740
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5168,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5172 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4048
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5164,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5268 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3520
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      PID:5348
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=129.1.70.119 --initial-client-data=0x278,0x27c,0x280,0x274,0x284,0x7ff7053e6348,0x7ff7053e6354,0x7ff7053e6360
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:5920
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:5128
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=129.1.70.119 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff7053e6348,0x7ff7053e6354,0x7ff7053e6360
        6⤵
        Executes dropped EXE
        
        PID:5964
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5412,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5432 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5376
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5424,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5460 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5392
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5476,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5612 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5404
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5248,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5988 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5648
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4968,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6152 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5212
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6184,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6320 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5640
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5252,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5580 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5592
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5572,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5520 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5628
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6472,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5760 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5448
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6628,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6644 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5700
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6480,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6500 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5516
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4776,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6548 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:1004
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6456,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5444 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5700
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6604,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6452 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:3860
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5968,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5184 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:5404
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6700,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6512 /prefetch:8
      4⤵
      Executes dropped EXE
      Modifies registry class
      PID:5648
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3752,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5176 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:5504
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6608,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6688 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:2468
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3768,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5812 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:1552
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3748,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5520 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2420
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5856,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5276 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6124
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=3632,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=3536 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:4744
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6204,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5820 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2528
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5588,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5664 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:4320
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3736,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6108 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5420
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6060,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1408
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10320946154268766946 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3708,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6072 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:4204
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5628,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6332 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5208
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6332,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=3656 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2644
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6376,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6868 /prefetch:8
      4⤵
      PID:5504
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6824,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=3784 /prefetch:8
      4⤵
      PID:1756
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5996,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=7012 /prefetch:8
      4⤵
      PID:5608
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6864,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=6948 /prefetch:8
      4⤵
      PID:5704
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6196,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5604 /prefetch:8
      4⤵
      PID:4940
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6152,i,8882376738273708939,12394537105631359597,262144 --variations-seed-version=main@22762a68b3ebb3cc3e3b70b434329aaa71e1dc21 --mojo-platform-channel-handle=5656 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5344

C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5144

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
1⤵
- System Location Discovery: System Language Discovery
PID:2100
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5748
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4636
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe"
  2⤵
  PID:1868
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4584

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5392

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BraveSoftware\Temp\GUM188C.tmp\BraveUpdate.exe

Filesize
163KB

MD5
b56076c9fa21c21f5752a73bee19f7df

SHA1
07a1d1cd25d2dff082bd9cb7efbff986b7766ac1

SHA256
f4a213cd3af5906d7f48424470c7aa861fc886a615113c35050bfe36962066c6

SHA512
d7b391fb26e0c605ed45e789054d2307bb5dee6d99e61878c98a1c7836abf97caddc1532a62d1e2a70febaab4776e1ef951e8bf8bc3979b4e404990f57eee2f0

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
8470210e98126b4aaa26d3b420fb16fb

SHA1
ca985c6ba465f906fb8802204793584fbe307f65

SHA256
e2611b391dc2834d1be230252509c8aa861da24862bd3534cb4f8bca3b00c955

SHA512
68af20cf26863a77b41746a75dd456aced24fa3e91597c548d08176cf7f4c9f064d856d860ac22b41fd42da5fb05c4bcf56fbb15ee2cda42fe4bb56254b07f8e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
e4b2dadfc952e6c05754906cb09cb9e7

SHA1
77dfc3fd3f88782f02896ad1014afd5769770502

SHA256
3713be6830d065fc6dec312e4a536bcd52d254e0a0837c67285f98dfa0e9073f

SHA512
1d99cf4963f2cedce57a851e584da7e6e93bd3e82b12c71732319fe49ea5a2f4f65ed46c9ff560cdf7daed7625b66318f295a45cc649cbe56d2bdb7f980bcb97

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
542a379ddf809d102b7c3f49a60d3aec

SHA1
03e3dcaf64c4213c054a5ff77eaeb7ee96fd8a5d

SHA256
105394e1e5679090e9007fe4d4fe843300e345596a29acba9785404c3e81598c

SHA512
b241948d03e9a6f40a15bec2c7f2be955360a40b652bb723232f7cd6293b182a54751c9eee8d2c34b0eb6b3024192d57db77601bb7c5c3629f0edee1ab17a0fa

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
25828a1ee3e9603e8b8653312a1fc93a

SHA1
c2c5a18a3c48ac8aab71510eb7b39a4f0f0d2728

SHA256
9a4da8a83d44888bd94c980e5f881e8861c313b4587387af3756e7e9ce32d2f4

SHA512
8f2a6a43ecc60b4c456794735da552ba873760bc987bd54bfc06f4ea1579a8db17f1c0440f9f243cd2b2c9f16bc4eb2205f2de622a2061ece5643c5f75ac7608

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
154KB

MD5
f8047c85b81dc8e773fe17fa2ca0d2bf

SHA1
163da2611b65261ec6013b8da40378f17d4d6caa

SHA256
a6261ef9cca7d4392df3031235efb76e60cb99cfd332e0e9d723fc769827566e

SHA512
4e23f875518f81803f247268f105f06e1864281afccfc07bcca69ec122e45463b8d9b94fa6220459ec40b2466fcbc7cef5eaf361d95d3e04a5c4cba1f1572c15

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
524ff11c8062e51b61310e0017605325

SHA1
7623c4ff6883f164cdff1fd251d5474dc643a5d6

SHA256
2a4ae9c22f92e01d38c6177982fbb65f2ec422e02b65c7178f1f973e58d2c545

SHA512
56a1da642bb5a196bb4bd3f0a6289b1a99f52ada9d8d6b10acf2cf6a01958b2b0c7a7da9bb7ea06c310c06320a35ec36eeb2a12ee819796ff12d334015942bdf

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdate.dll

Filesize
1.0MB

MD5
c20353018acd605661691186bb313a69

SHA1
ae814ca566dadb3357edeab9950e8630244c5c42

SHA256
137a22656d8ea111c43c6be8a3bc938ace7b566bdee0de9c9d40467403e9adfc

SHA512
ad07232696c4441b3bfe535601019d447a90ce99be380d6083094c510bdb8ecbfcf097d0f63c996dbff40877fb3481c24b6de37925f0f3421e0821cb6fc96ae4

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_am.dll

Filesize
42KB

MD5
5d40a02a36276e3f7392b96483ca5fcb

SHA1
b22cf2296c45cf2109d81d099abdd08e1733117e

SHA256
909018f8a3abbb706a61bfacbc4dae114fd9089b11a6f2f238d5178a04e00858

SHA512
fc37a837eb19ae6e602192a7f1f823d2e8aba80b63adea3eb2df0ae6cdf98b1bb1139c6f665a350abac358be05c89fd87f63cd44678d7c31e8b0328180e5a38d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
1438a59ec6867661daaa73dfc9100cd3

SHA1
d99ee16ad2219fc6dd684aaf675abb4a29033027

SHA256
e1c702c5add5ef1c6120753322f5b46c776d5ef5de605f1f232d421226fe7cab

SHA512
b4ce503dc99bf2769dd51675585447187088aba683390fb561b4223f48e56ea17fed03d53e5ef358c593227d27e4b55fffb1c13cf4c9777d2a914df4728ba6b7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
05c525668c67c9fca189a14e3f2caa47

SHA1
88f8fb98a9963d2925a709809970605bb70a9eea

SHA256
dc615657a6694fd7827396230ef5ca00b2652c2a56e9974dac8ab99cdefc2ee2

SHA512
375c2c41805433d6cc24a464af1ee3290c3641a5ccdf339bcc1db98db9f29fefce0ae17b50a71b232e624dcdf4dcaa49107b6bd4e808473985051863c979399d

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
d4e7fdce05547e5d82d0e07317a9f000

SHA1
e48fb860a22c69c5dcd9bfb39007978661b05c13

SHA256
a39569db90e72b110e5049e819018c33ef86e4fdb7248bdb3555a45d5c4cd6f8

SHA512
f4d91b3aafff6c14a81a1ca7426f9b926865b87c62c1e349c0d657fde350b5936100ccc7e635d5d86b1ce02c85b447731071ae00d2a9c420e0109494a72b9529

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
1cb6fbeb6b3917a1aef6b18674db9696

SHA1
52efe802e7923f6fe92fc220fb7afcc44432fac1

SHA256
7d3fadd8becbf8096b7e555d7ac08a17ef4bcacf8344918df139fd58f2886274

SHA512
08c39a09a08d4e3b24cb9479ef7cf1d363dbd3e8cd21c5974bb4fc7377bb47b8e41a848dc520c61996f8a7e6287b9c3a3983fce8c017faa34aa3ea130a67999b

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
12fee2e4d745793098e41a8ae63eb7fe

SHA1
3a581151f32a173e3028fdd3c006e1bea6240a86

SHA256
31e5eb20711dff16a4749e3f8dcb44030ac96787fc563dd72d6013d89e1017fd

SHA512
5025d83c1d6317c5373bce9032fac9d2723e5bc277bbb79ef5d47006e2a4fcc16607cabd736a2e14e44990bf417eb35d2e4266a3e51bc766965d20ab0eb2837e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_da.dll

Filesize
43KB

MD5
9b929cb8a4fb0c3e0afea05b3abc258a

SHA1
b44c25dfe381fbdda64fd77c4e5904871d89e2c0

SHA256
dc881c03ab2177494992d4489bcbf66386508c141e8519558001754fb94197e8

SHA512
1bbef0a789fe4b56814cd9913ce1c90b1a2db8d3d257332107eaa69f47479857fdc2d3400b26f7edf6431a9feb051856b821636441382c9f725ff3fb794d8eb9

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_de.dll

Filesize
45KB

MD5
497494c837c14186139de4e693c200f4

SHA1
54f02e55732421dc6a0da1a5be91fc7a07ba16fa

SHA256
b85933360c2968f0a3c8dfeb85414dc9ad74ade48a4b242666551a3342c43d76

SHA512
d3dad791cdf942a913b164492dba6981a6dbaee8c27f2cadd71fac565734ca0fcf4cec1785c2f27d085c327ff5dc27a4fe7f4baf2adf07d97fb11dd597693c4e

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_el.dll

Filesize
44KB

MD5
061d3721c9b17f5d1d45e70a8d711495

SHA1
a07d11b90582875746551c1752f171de62302c8c

SHA256
9bfaee77f7e65b59254778267ecdf02a882ac290dec3c514e988352957543f0a

SHA512
1123f2047a2fe56652ab6b17be708a71b8f02c4f41e29ae0c7146b9dc109824d405c06b8cfbb4cc039fb3d8072a020b9b49c19cc3ca537ddc5d1d78cfb91c6d7

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
d630beb6af64f420ceb27d44375d7690

SHA1
ff63efda309d1887880db7b7a4a724e80b83dc73

SHA256
b8af4647a0204c34aeb3b8fdf0a5de3003c486f6220ec2564c69475eef17edbe

SHA512
9e3a0b7d65f3d6083be01130d64aa743126a2897249e373938495a82bf41923e9333de7692e779556c0e4ce79c053a58b41e63965ce8855b981e9f470c2c80eb

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_en.dll

Filesize
42KB

MD5
d7f124788581937059960cb2566c10f9

SHA1
08f49ab58eafb170e65be873f05ad789794b76f9

SHA256
e238c7c39fb41e8c45bf0251e7a3c94cbcc7ed9f71314bc44242d5b783ed4982

SHA512
96a152168c976c421599a855f04f42565d52b464618517faab72a3b09f600136c0206534ec2c4c279a6b3e5ef729ce83432082bfad06ccdb324852a7137bb746

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
9d369670cb509dda9f74c91cb6059e3f

SHA1
a33ec95a80529dc70995fe589c395f14be500df1

SHA256
3769927f879298bef412c914e736c6fc992a65a3f5b29d0ece58858a6d0745f1

SHA512
21de84c806bf66db155c54c6f680d7f03b07e9eaacab266923a0e415968c8b77056b8a49bb7ea1ad502f0a18ef8b74c971f9ef66619c5fab7ea39bfdbe461bab

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_es.dll

Filesize
45KB

MD5
7ba5e0af57474dfb47dd2af9c006f22c

SHA1
d1fa8e1b4874244d3aaeb929119536ce97261efe

SHA256
0e84e192aaf5421bd450711b74370bcdac03e783c0c78c2633083eea85b95d9b

SHA512
f6d22430d37c956dc06d39dac924bdd5220a7783b6607dc0c8c36da099044ca725a2583590fb99e307a9ad67ca0755b58dde9bc36e13779c2ff0f4398fdbbfe3

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_et.dll

Filesize
42KB

MD5
2fc689409d19745048d55eb4f340afc1

SHA1
e59199731f41c366db9d71f83f6c927d84158a91

SHA256
5c834dc93b9d40d787b5440e22a858b187ab1bfedc7318ba26f2c1dfc7dee477

SHA512
05aa06d59edbf3fd85f1edd22ff4b3edda486738912440bff3a675c8f37b96d1e700366e3cb0a3f8711c61961699575d8603d0083201d92e253411a4633802cf

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
284d6001b69fa45df2bfe8c4661db3ab

SHA1
86f93bc5521928fef0bc48084229218d1ae6e16e

SHA256
c7ef7b2160ad705405bbe7ed7b25d5ba7a8e3d6c7b7357f4ad5466fd586874c2

SHA512
519e9ad423c784360bce384ffbcf273712ba8ce4ef3c25678e01fc9ed4652d4834b4ed8943feee0d53e7d40f60fab6d6e1d7e4954b737d5f303ab374284ba548

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
9d9207df14c62ef118e13fe4820c28cc

SHA1
a6a5a10e8ad7fb0d32147abfee2f226b444fe73b

SHA256
ca4e39551d379ecac42f4b81fcff517c3c879871ae024438e5a45050b8278610

SHA512
ef997f0104a0a32f33bf7717b8676d1431152dae2375a6d68b05ab26f80de698a55bb9adc9a238b1a03f820f62f9bd19b22f4ffb3cd42cdbd88d2937cdb4a223

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
fe9df86df1bc693da7c9a185ee5d85a4

SHA1
71f1ea67fb45b2c12f36e77c140fb29e28a2e45e

SHA256
d98541a07550d176d46dcdff6b095b83f71f0b42efae7ea8ce87c2f0a64032d8

SHA512
8a48e9e67e5fc820da0c4115e68ea12674168d2be446b32436386d399e4b6ba90f719cceb4b45a67c6c41f49a6b6a0c1014a1fd6dfe03308bfbcb76c20f53134

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
1544fbeaac554afd27273e941fa490c9

SHA1
e804fbdb05ca86f517fad674b93757313f2d7dc5

SHA256
e4d6d4a54524660cfdaf2efa534846af6601395747d1c3648d9cec42d801c763

SHA512
cafdc1ad72b365bf888762eb2e58316754c69cdd54e7e7dc0a5a3d89482f16dcbf49b14d2fea3ecab86a969646f956b4a45c50fa14c45e1aa3377d8293e34dd4

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
0ea4d8c1d7a765c02bea0bb91deb4a8e

SHA1
14445c78217acb09825808ab247457f456000a12

SHA256
ad5b798bc284d2d90e240ebb9295772a14e8d76a82055dcd0380160f2d70a471

SHA512
d2b738e315364d55463e89d61d224eae7a0a31999a410c6c98bdf7ed79d9efdb9bf568d30a682c3bacd7c5911ee75504da554e77e225acb175d6e54d972c2e7c

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
b4b16535634ecdbf46252ff0900b12e2

SHA1
ecf0e53abdab7b08f77f1de344d50334bd60a0c9

SHA256
c98db419ac54806533ad444baa436b26e37be1199b8539ace88e2b0c78a6b077

SHA512
9fe23490e5fc016b8c3f286c60c4ebbf1e8c676434cd2836ee601cb0d6ef75a26b1ddd4b6779cd09ec8f5c896650181bfb62fab01f91546c38d66ab0607610df

Download Submit
C:\Program Files (x86)\BraveSoftware\Temp\GUM188D.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
7fa697c5f53d334ba3969ca5fdc9bf8c

SHA1
05fc24811889bde15fdf457fca0e85f210fd13da

SHA256
738d60a99fbd5a6149ac0da721c3bb6626c25c31fc1d9d97a1fa958938951ad1

SHA512
52bf23f747869388ff0db06c84d8cf835e44178948683507144e2c3f958c5d99f0bb197375be5d1837ee4b841bb51670837b2b46a60e4a426192615d6c5ae569

Download Submit
C:\Program Files\BraveSoftware\Brave-Browser\Application\129.1.70.119\Installer\setup.exe

Filesize
4.3MB

MD5
73c2b076f1f7818e4e738601cae3a099

SHA1
45a3355b7aed5f2ac1b2387fb10f8f58df5765f1

SHA256
a01b7a5aaba96ae25752d9f7d296c36a57d5a475cb85fbe57215627030321581

SHA512
2ee0b3c2153d66b453d4da351a1d1063f19d2052bc2b0f575b7b3cfd5025b8876a2db80ad005620bbef3febe467b7b17f26bc8e6798006cf973dfc60e0ded59c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1261790028\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_132703595\manifest.json

Filesize
108B

MD5
38091b1f14bd35ccecc3fa4053dc3748

SHA1
9a6d0ebbacb9e9603b7af02cd0e09a3eaf26c583

SHA256
b160c771f5e43326421821df5358427f91baf9aff40c0833584d827b75590498

SHA512
e2b87df1bd88500b18c4b046624aee859719c9496e3e1eb25ed063f2b755ba16bbb6512cb3ad6916fbd37432da965a75542d95ba0ffd4bfe0707c0ab3c496e48

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1445398641\manifest.json

Filesize
108B

MD5
79c93e2d4ff43ced56bc85dd135a1f7f

SHA1
bac80396dd067cde3e8b35c2569224d9774fe6b5

SHA256
973a1c3d8ead6f6c560fcd17cbc38122fd18ef0095523409cf8c58296b57d54c

SHA512
3185c831036e8e47101cd4eed83cf9bc40b27f108648f7c941c724dca3e9f0a029030f5f60e3d836303dee140335cfba11b7adc59b6afe57ee90415d1fe9b6cc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1475785158\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1475785158\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1475785158\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1475785158\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1500129809\manifest.json

Filesize
557B

MD5
bdd96f38318d5e89dcfaa0e2dafda3ff

SHA1
71a6e32488a4bde927ddc75f6e057fda4381ea18

SHA256
16d83bc13568507d36f85687fc9ea1f4bb1fff5888c801db9583fda49b25fefd

SHA512
53de96a5938b89d6fd9a6b493af2d3f679ab141a7c959aaad4095d995edab62353f6b49a3737b20fefc86a39c71d2d2549a8976117747d23882d5c794e5316c6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1623070637\manifest.json

Filesize
72B

MD5
52b0038fb7e8868b21afd86cbfcc8166

SHA1
60d3c2eb57c4d2f0b3d823d7abe0f28d3c00c032

SHA256
a58114ba12e4cafcfedc15f51d3c0e3ff097d7dd789f0cda5c629ca1ff773107

SHA512
0ba06757a6fa06b1d86f43fc5993c77b5f58dbf96bbbb65d0449509614101705d4d168dbd1b9ba3142420917f24d017edb2de0c736d9acde49a94bbf3224e5cc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1625926465\manifest.json

Filesize
95B

MD5
7e7f569cf049afd154c6e0a0514a6b39

SHA1
af714d1922e2858386fde3e4b1c7eef069395f18

SHA256
145d41b1b0029f3bb3dd1a44be0524ebf091305f950887f221f0b16b20704d89

SHA512
1819c0b8940938a7639436a73470d6d9750c93351f041b32052895216d95fcf59713a0d54c603641a8d7b9f91de9a513d91925daf847d8132b0990e45ecd5224

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1655982728\manifest.json

Filesize
577B

MD5
5468bf24e43ffa57eb316682503d94eb

SHA1
5b2707c10b66e77eeab8c92c3feb1356308c344a

SHA256
7eda90f41db4ff9f9befcb50f475c0dab88f601236ea3a29c38adda21f4146da

SHA512
e2cb2f8c3f23f0b76c2ec0a22a8792946b5d67c78b400c865fba1a2c49d6688b8ac7c08a2580d841a19eaf263d8610fb6d57e2b19b5af5c468d36d15eede15e1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_177153020\manifest.json

Filesize
564B

MD5
5a56d688fed3e198d524e1b15fa18eb0

SHA1
a4a4a94931ee7a668646e20fe513e57db725f7c6

SHA256
f32603ea05c24e0c684f579164b4095622dc2689f613c90ed9f9c83d92494839

SHA512
308f32d5d26de27a31c642f65f39aee5927e8780dd2953a11c433472b37ed876d4a8b9c501c3f78dbd516dd195df19c9ce852c93c6c76c645fcb9180eddcce72

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_1969537028\manifest.json

Filesize
584B

MD5
1cb0766c9849f1105d94999fcdc33ff4

SHA1
d40380fb0895d753835cca688a80fda2963eefb1

SHA256
eb91c374e5df7c5f454e3edc1da67cbb3be5e215cc1ec09a6ac86f4d4bc38931

SHA512
32711938a80246497d90e878580270563e4d624573151e4b73ab1fe391181da5eef2bd01db9c1ac558d56d2d3843f4646c9955423c55a85cf965d4afe80cbc0c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_286151017\manifest.json

Filesize
562B

MD5
99f8dc4a5b672e9d76c196228d637016

SHA1
1f1a904b76e3c72c81875855c50e888736240120

SHA256
1479f6c4eca582608a3ad0977b60daae0534811eac35ade8f8db4301c7036388

SHA512
312fa2ba10958ce1ce80a2f159dc45c22d029b56950e8f494ac6548c8f7de9f2d93c144480272719d11277215de673fe6281a5996c8dd2090c2c4e396c374ec3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_40590860\manifest.json

Filesize
111B

MD5
225c08f039684dfb54aac162dd9d5b9e

SHA1
426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3

SHA256
98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c

SHA512
d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_447483947\manifest.json

Filesize
533B

MD5
42009b4dd959e3bc13f18be4df9274fd

SHA1
587ae3aa747b57ee96f44ff231efec1cc594dc97

SHA256
c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92

SHA512
6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_507157091\manifest.json

Filesize
595B

MD5
0e34a3167f679dd785d55ae2d8cf263e

SHA1
4966464955f02f80cf746bb516a40d251bbb63f0

SHA256
29f8c6a51a97d35dd91d67ed321fa2de77850f865c4848e281b379181c75a5e8

SHA512
e4e042c2cfb80e57f448ffb24d25cf0d736ab64796eaa420bbcf752961acd2a886008ca237c636bb098ed222a127d5f7a2eeeffd8f37ff81afe374f1aa43e779

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_615500544\manifest.json

Filesize
591B

MD5
3e0bf92e463b6f6a8720061088b48b5c

SHA1
2eff45d3d87279bd90ddb988fbf6c11e10a9e110

SHA256
f4eeff72b89f277084b66852bcd308ad4b431e10c33d1bb77ffc768f88de696e

SHA512
918862b5079c0245bef64cb286aa500d963fb5220ab431ec44b3285749bd54ee10cb82ddc58a5bc87d8b632b26afbb7d9a1c06aa0cc6d25bf913aa73ca6beda0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4592_660855761\manifest.json

Filesize
546B

MD5
315781ccd38092de9328789fd96e72e7

SHA1
5a1c98ff5ef91e77ee69627ca08f48f2d3c23d95

SHA256
00ac38820efac1e0c9077fa1d1cb5a15d4a40e88b79b046496a5f47debfdfee6

SHA512
223d280e12d0361488d6632edb9a960dbd910efe239cd270b6e21035b2a8383569c8b3fbc53fd76aa4569c4ab1178f1fb3038483af001c8c44df919e38f84179

Download Submit
C:\Program Files\chrome_url_fetcher_4592_1973104287\obedbbhbpmojnkanicioggnmelmoomoc_20240902.672363756.14_all_ENUS500000_ad7vvzavwq3jagk7cpmno4qz2nzq.crx3

Filesize
5.1MB

MD5
c82943a94657c1ce0bccd34d343dae4e

SHA1
66d83ab6ca22a065017c1f3a9311da6cf016dd08

SHA256
79a6486379270d1f75affa98c9a93e236afd20fee86adbaadd8d3b9f37aa13c6

SHA512
f7f54147507625564986a37fc1dde2c8103e8147b407aff282d600d972228d2f93fd5e25f625a831dad277a493b320dd31ed8a9b36dc938093b252f946089e77

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9165\crl-set

Filesize
513KB

MD5
092546febd192d3c2eca9624b8ecde71

SHA1
9ed85206e70f5515b56e97877ddfa457800a0ee7

SHA256
7f8a30b76c200faf14db1cdde947bfccec935b554edebec853a88acfd12eaf4c

SHA512
afe1e3146b161259a0958a1d1136c7eb8ed57771b1d0c02597044f66fa1a9f79cbe43ec7b0517f90910222642b22fee678dd280918f08740c18ab02112b3d7f2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2023.11.29.1201\Preload Data

Filesize
12KB

MD5
aa3ef996bce08a9c34fe513d078d1ee3

SHA1
21688d164d442d37fd5471e13b41b1d216f88d37

SHA256
09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039

SHA512
285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\495277a8-4a8b-4a38-a2c0-b8115d510481.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000004

Filesize
30KB

MD5
6340fc6a45c4f217db86a8942d3898e2

SHA1
5227d95a9d98acb946f290208db73023e8be7c7c

SHA256
c99e9ceb7341c0a1b1e66cb5e0af0f50c4ce7964d788a58405e3c8ab31adc836

SHA512
29a4080f8f6b508f2cdc99b88130f06c881488426e342c1f52174764e7ecd4f6ba80b8b7a5d7d343feca8a3d9438d7e30e94824c90140939e90042f51791022a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000005

Filesize
31KB

MD5
3365cfb974de5168512fea2f47a1841d

SHA1
52e356a2a1244659b84a0e203979548743016ee5

SHA256
4380fe278f0fd356413c3cd14c879842c63df660752966b641aa28d4b3a328fe

SHA512
e5ee2ac1c40805dbcbe32b60872ed4a62561a6b8a4a4d278a16b88879048f1688eff32e6df57e5d1ffa185a98399122f539ad80c3c4df54a2709d39dae20f390

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
1024KB

MD5
ebee24916fb22b5c49c366cafb8af3d0

SHA1
7116fa3dc732d3c4507707e56eb751018ea3a356

SHA256
55104f2b86bea2da23467d48a682fabc30f3853e17ed4db8a21f7aa5bcf7480c

SHA512
30039f8db59977241897b6dfd7f28cd4a7172b016e01c880c498e41aa11da7b079a1574d325e14a8e9af54d7dde753434e841dcf063bab541a57aad554e7c401

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000024

Filesize
406KB

MD5
4794a5e5396a21e7b3eb9aeb0e270831

SHA1
fafed92dd6ee07c2ec109e4eed2e179ad0102339

SHA256
59d2492c2173c8c4e8882fa309788c7ee0d8eafc8f8af67bc151d87b42af44d0

SHA512
06adda5e3426df2c40a4a90f01126ba9b557179cd2debe863882db264d7700a6b88c27df9fd245a8ea7cb91f18928f5155967de0c6f7aca01e8f4850b8e15cf2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000028

Filesize
35KB

MD5
78f6a7289d0e20d4533b050d0a0ed852

SHA1
ccb94b1a8b3c24747135c9c899f242ef77ba3335

SHA256
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3

SHA512
a39efa5406904ebed0d1daa15f37d7d8d4230418fd80eb81c2f0bf16de2e4a52d289e0edc4f00371ceb57dff1b077a6bfaa12dca1781fb498a2576cb956b197a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000029

Filesize
32KB

MD5
6d90b43b30166957cb37e18620a82f05

SHA1
d74c5b4d0e7422a0a449c9ba59297ce40930d7a6

SHA256
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b

SHA512
c88719f9a4d7c183df597a64aaa926bb586f23c9c155990b423602fe2dc862bb830fcf53bc86b7eda254e3d07611b980a9decf8fa1cb4c019c0b9d5c0dbb3b3e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
599KB

MD5
b6b963be3061308ec0b68c4cca56bb87

SHA1
92460520e7ce93eee749072ea610b7b44ffb84d8

SHA256
4708f9c432b1c8a3db96f0802f19498002fbba73049bee8596d47e69fc395185

SHA512
c222f954ce1d5ddc79b1cbd33e57d5e107b2b547810ce289b45501fbe56ebb5abf793eec7b71d621e6303bcb77860eb7005c1e5ee167c19c2e41f37136944b83

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
fab7954f6ee6c3517a58bc91fae9d639

SHA1
c4c43f47cd8267a2c8e15fe0e8d7d66f35ff7f23

SHA256
04adc6813d3dd7f3e65e6949da41c3aeb6cf5eb381a5383bd6b13f7ab69e689c

SHA512
96ecaeb94f56bdc450adcd1c878e42167a23d343eee0fcb1e24c11c3a83bfbb91fdfde2adba6275cf220526ea2dc557205ea2e66b2734d651c03b0bc5fe99ee3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eeae5ae0a7058102756a5f934f827ad0

SHA1
ef084fb442718b4ab1df09b9b98d8a8ebfe79ffd

SHA256
2c9862ac0c6dde7615683f6c89a1e8446ca783587bd5d887231d273f11b63e30

SHA512
effdce0fbe5486a02786ecd6f5c96d58f89626e047fe95e8e5d06a2e21e5908ad8a1ba6b64416d039e337a83d8a86c6655c80fdc0cbed1336b152e3434fac53b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1f5daa5b028bace6fdb958699b21ec7e

SHA1
4c9e61c33c466789806c3f28800003a684fc2a35

SHA256
b60138ee2a4821d8de5a3156a51651c148bf6ab150bd4fcb5b4ec28b6e929005

SHA512
b59b15088cff478b533b15ad264f28fc53f80b5d53801cf7badb628c61fd9c5c807cbc956f33fdce12ad8cd70ca640d2efc7d593c3c25250be0e7a2d9a947f94

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\IndexedDB\https_cash.app_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8977dae5bfefbc10b22f76db2f5d6df1

SHA1
326a3977be58131911dc6845a307cd727d097100

SHA256
59f1dd1719c75b9e30434470e31c17ac4978eb25a6432afc8aaec58e20ee9705

SHA512
ea2a6888883a10f2a7a179487ab72633688c9183948fba89b7c489afdab30b641399562e60052ccc766434d6b45027a524f1a872f36951199fb37b06fdd2c5fc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
95846fb301b129c4a869d6c3bf0d785e

SHA1
9e95878d29c9a836fbbfeb172d827f1adf5e58ae

SHA256
d1d3be5c584b790373b94ea3bf982921a1d9fc892c64d183c844ae598496d4af

SHA512
04a3f27ac9669154905f8c0ee889131fb356ff3c6e4902d1424a1aca1ca1de139f6032ff858ac7b0bcf66579893a49b6d6008f3c3c0e7bd3ca4faa94c62bdc7e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe6928dd.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
53a80245b1661500a799bac94f10f8c1

SHA1
c4569135477bdc8875238665f7dc01dd25f167eb

SHA256
6885a03d16e715dfa06c6b477352fbbe0bbc38cc9bcfd161b5f42932fa5e3ea4

SHA512
9f143ba0c82ed7d767c16635beca85c17bf35cf3b2986390cabee00d52dc41be116efc9387169aad1f8c77c0f38f57306d5126d6441ec765c49242ba21067760

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
eae120151f98ee41ee231e4f65c3680c

SHA1
9a94bfc24cda33963601364d0e7e75d5a4a9e935

SHA256
969998c608cd02bbea26c7955c3bc4f3ca8657ca31e6a0561b7b1e31d3973790

SHA512
3b42a0878c7edd18b01984c3db6a87722eafebd9d37b34de22a464d840fd91f1f8dcfc3571ac4867085ad334395e91d743a351a6a9a7b72602433d8dcc4aa551

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7fdb422ed55613640940280910589814

SHA1
f186832319fecafde93a0453933eb26ab65e5a28

SHA256
d1c95b02cdaf6e4db4d2c11718adca78595363353948b644e2f695dbd5184a6e

SHA512
44915faf905eeebcdd3e9f872a854db1a45212ac07891c3305f81b973aa45a562d0ddd248ed9a86ec735b0b87af876426083c56c6df0c398add3316d0517e567

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe68f431.TMP

Filesize
188B

MD5
54f8dab2259131183c7f1b5b4460cc61

SHA1
e2327a8f43d9f999796019a72125da2bb1fe28f7

SHA256
83b5fbc0708c232de0ca5c234c9032c3476b4c769ed19c52c0e7ca3dc300398b

SHA512
3af0399190cd99d3119ce4f6d620c121fd5b620ec18e5f430b14b95addd0e5a6982d4d1969c5da67228de18527f6cfcd43849a7acd72aaaa079363923dde093b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
3548722ba616a9635e018cd49c71f9d6

SHA1
b19859e3dd551b523db44d03d14b61f589190f77

SHA256
bcbaada95b58c0318fb684db6aff385e70e2982d9fbcadf86cf29c566216fb99

SHA512
4df3e6b67a4c4af1e31720df6cbba433f81f6550c89cfae3521897b3a7db7ded3adecf75f4fedde74e6ada8fd81d0322181c41b6f6f4625fcbd36ebdf319ce6d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe68299d.TMP

Filesize
2KB

MD5
8fe4e750afa4f884d007888518cb0288

SHA1
9062a91b6301efa1e580df14e785f129a5666c84

SHA256
038bc569a1bd69550cb4d82e0ba1d4b170a409e082e34f1da13699607493eb13

SHA512
83a87e11831fd7490312665d638f059488502d14d85ca92dfa4f60e0930b34208611916fc720cb233e76913ad0822653cd045f2b4a9c14191830ab714937f9ff

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
7e5f3d258fe01cb72f7816ce04a2f644

SHA1
12c7f01657f2f425f1e33527feb2007ac0a69bbf

SHA256
ff6ae922743a55af19cdb95a35243ef370adb71845ee9f4ac2bdeb5122316643

SHA512
117338e13eeb60e5ac08984a19f76166b9b99ffac4988c6174e5adb8205bd6ee2b622aef52708507475883513f8a16cdf0a9cd5440e9455a9c59d77a36084227

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
e91c6d12de2ff0b98b6cb4cc77f90ab5

SHA1
eb06a2adb9e6137223e09650c1398de0f6a8df88

SHA256
3a0f65d4c80dd762ac92bb9727d1113a8f99440c67d6705434143530de944aab

SHA512
7e1dbd775651938c6b422da79a2cdcc4f5646fb6955679bc67138ffde3558c161b6e66afb44f42b599d0c8028d4798f0000e1148e258cc6c3a3b4c61da31a710

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
69f6b89428460bf658ee70a877bc145c

SHA1
e74bac6a8136dc05bf861465d5e677fc416d6d8c

SHA256
fdf263bc4e06be428e4919657978157a12ab6b27e0526a962e89140df793f156

SHA512
a583afad5ab1dab9e4656e7b1776e05b4d31b163429019e147850b7e2b6ef181c3d3af6c97042141a9b487e1459f19a989ed0c994d2a86ef0a488dbdd23deecd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_1336750446\manifest.json

Filesize
377B

MD5
1ee6fefe3b23c7c7a8059c979886b744

SHA1
aed05f078d9b3da40e63a991ca07e36c99d67633

SHA256
ce710effc16c600f9b09699c3dd82c94ef60f63c98411d14dedb6c5dfc201d28

SHA512
9b609cd8afbcf2c53cf71dda6c235914155f704d7119090658b55ed96b28c950c110cc4a2955e0780a2efc79ee78bbf46a15ee65d7144ac991c6748a3f2892f7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_1422555074\manifest.json

Filesize
349B

MD5
c2aa2d6bda7acddee117477137bb0163

SHA1
4ef6fccff382121d84c22101a7f4677cf056b22e

SHA256
cc55f3872699ff7cf5412491264f129c15738daa070001ea029cbf0a8e97dd47

SHA512
34f28a91396718921fcd6e77a08346720edff952ee77485c9ba76e2839d1f780df2e225b5adfa2dbc55d68fa7f731427bc52019a93b55f2f5f24cc29dba49221

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_1878524882\manifest.json

Filesize
385B

MD5
6f26172981ce246f21dbc1d853ec9433

SHA1
a5461d9a26128670f2e2bbef2d1e7578f672a183

SHA256
21ca7a61f92685256d98dfc78b9844e7ca784afa51fa5530a3dbd3ee6d79ed6b

SHA512
bdefe588284e50e42abb743f3d04171823d2893a6d188cc95118be7dd292c6cd91d3eb827b54d39858698cb526b8e75648688b62bc463759e5b95b04fd09b847

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_300313548\_metadata\computed_hashes.json

Filesize
250B

MD5
fe5222483493fd135f737ee8d96c6ec9

SHA1
f78f932efe6131c8921262ae9ee131cf70b89444

SHA256
46a8f292cf4959371f87fc099e09fd279452654e56fa603299f7e512dbb010ab

SHA512
9a6d1f04cf4789a2df6d572d5fd516ad8b412530c86b4cc22588ec2405b5ec8e7bd15553aa2de01c37b5a8af5c3c7504c0251aea171e864620180230018162cb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_300313548\manifest.json

Filesize
408B

MD5
25e45b88de59ae31ed14c753d0ee98a7

SHA1
a1193ba5afb2ec60d42b36dcb6456da21555b1bb

SHA256
7b65ad26e9cabb61c61e7f1018632e36fd342c29c1079b83edea2114b0d60c31

SHA512
a7f7e538f12d65b93af9d926b330ae0a3ba9ea547724a5a7fcfaa8bed103d1f3813fc12115bbc56ff80c3da384b74244ce37e58387cce9b10a1ccdf2f779b29b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_572058819\_metadata\computed_hashes.json

Filesize
250B

MD5
35be4f9b728230644568bb742bc8594e

SHA1
ee4718273b5599b297bbe6917bd374ed57f49732

SHA256
d8bff8ba892ed75a5857dfde7aa24ee5194e31cb64488a350299db9716887287

SHA512
c16a9a34fab820616f386e30862bf4928fc271dd8a91e251daed65ab781751bc4ce925172136fab4ff87d4a4d2f6481af18544feb13ec2898e5585a594476877

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_572058819\manifest.json

Filesize
407B

MD5
7488b6d6720532f4a267d26c247141d6

SHA1
8c94c0b8a7da8bb87085cce4ad42641ad3e8a842

SHA256
fb5f4468336ac50fc71dee3568ed7bb2392952261076ea306fc9f4ed5972bde5

SHA512
8567b3e896b5dd0bb3608f3fd65fd8cefd284ec4ed5dfa2d6803a962ff41d2c7a59c933f4dc9b9c7c6f6ffc4c0e8e85f62974fe3fbb09f758c2025523355dc42

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Greaselion\Temp\scoped_dir4592_701173362\manifest.json

Filesize
420B

MD5
77a056099653b11bee79b20aea9a815e

SHA1
fa42bca6ebadee0ce1beea9294372b7cda4b7444

SHA256
550763c0c6a8485169cce92fab5ef32ec642f001bc0ae98a024317895e40cd8d

SHA512
532e0fc9917d6409f771892557cd4e6b6ce926522131df42eace5faa22db9641502e5e6ef23e91094a0b65f85c7f223e2cea1fc05078d67f493babe446132d08

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
adea53bda3e6626a275825fa73c1deed

SHA1
8ed5dccbc645f54f3f888f25503f16d5ab3a551d

SHA256
d260888e8faf0ec41a9ffe17417f7b5d19357bd064d0d8dd6bc5a1efad0527a9

SHA512
f40971430e81a65de0e69fc1464b4ce9f69c8ac2f2031b8574b2fd98e9767a2e04d0b4907e2545f4d652ae4e4c977ad715bd94d92f3c598c5146a537e233c63d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
aef0beba16aecd170cfa0d6adf26f638

SHA1
c0af2ed6635b4de8ddf4f6f06fb1e8309ef93278

SHA256
b4e74d6d5661e37ad2d2789cdf505ef0b8c369ec204ad3f7d0510b579c3ea742

SHA512
010d33e14951cff6486dcf476dd28f79ebc5c9f849586c20d6551f81d805fea6e151494ea8532589bb50c02ab56f1094c33147913254d5298d7dc4247bcd3e56

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
3a49e9e003ed14aec1e1f89302ac9e0f

SHA1
122b43b7867408b72ccc5d2b9f6d97bdd95b7269

SHA256
e9d5597c5ff9fe4ae0d40442fc598f1c0319a1ec2b59cf7136c81f3de7811225

SHA512
3cea4c3372e611588d9a72d25de60e15a6a34aeea5ae9a1372f4427680ed7e1bb2551e2dc4572c113c132682cd44590d51628e1a186b3298f309e30719879d99

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
62KB

MD5
e68f1d36e41ec57be017f88545bd98b2

SHA1
29ab00270893d788a80078627833589a848ccaff

SHA256
a693cf84bece5c0f1a1bdeb2e0504aae7db6b3e64ed6dae2e9d3010492ad4422

SHA512
a81f914e38af75cd069bd863e3dbb9ffbd8a68aba477a39ba65048a4aa1be050abba5258f85e5c3944d5ab13e586280df4113e931aa1bdc3befce3199f3b42d8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
9c287507dc509ac15b65c2c166523447

SHA1
1fab5102eb60903ab97d4712e9047e2a7e26ef23

SHA256
035914e45039ea9e10670f707a86e072a660100af35680a65a4b5320727e33be

SHA512
126997d186baa3a4ed2002d61059d32561feabe69405744d2ac859c27c4bb42fb02c939adb68f2bca45f9a9744e82f22237a0a9a5e601c72acd4dfafac0fc2ad

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
65KB

MD5
a00adcbe981635e2b06c7f9074b58e9b

SHA1
0d41bcf0f000571a3d3c22bbd82711a3c28fac87

SHA256
66a0f118b94e8e9a902b971fadf91e2875d1ca6c54ce02274dd65f90d1a546b8

SHA512
1184ca717d176e30cf566fba70166f1b2b6d3085748a8ab25f223b3012f4aae1c6cc148b7f06292098903f95b21e0ba0896c6193ee515d2b7a30ea5557c4f322

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
50KB

MD5
028a26fd3def222302b061c7ef983687

SHA1
540b2370848cb61f17424492989e8278666c2a27

SHA256
a6ccb1ae630e9abccf4fa31a8df18283bb2ce61e8f2179e4c9587e885c945c0c

SHA512
e2eaf816f456b35857e58c90cf9fad4d335abc2e833deb9c9468903a420b31d31a472a292bc04b43e3c6c99aca8f3e27f9153e4a4bf43b962e2c48e33de738c9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
ed200d872fa56cd784f3fe05be9b049e

SHA1
513dedf36691362129218516b26c26f98ccce4b6

SHA256
59766e93850a987a1f54c6d4ef6e2725ef4f5f6035b3233cfb2a562cb0613b5b

SHA512
387dd87544d6195a2d35f0dfb017050b8e0a016f2839c1893bbd33346b16a075315c016a3fe468615eb346c68d96e018663288f48efdd267f8ee686ea66fe836

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
b2936ecd7f98f4ddd74100de7a7aed40

SHA1
ba5e3a5305aba97b1c857fc6d6510eefaea608de

SHA256
215520855b6c0db0ba2dd2bf76e158961ae15769359c5bcd143f8fdb29f00e8a

SHA512
62fa60748dfbf04f8e48de776aaf3052b0c09c2f73e2f037bc3943b77b1d238c902b2300eec0955f4e2d14028f8a80c4d6f657914263655ecc1ccea30e0b0ebc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
3707553d4dd4746c266edffa799c43da

SHA1
674fa0b0c25d5c0c0c727d7c7881da8b304b9924

SHA256
52e945a0f2e69be75828d28fc80e98ea8c21a082505545e95edce1f7f4bffe54

SHA512
c546947471894d0856d1dbd01e5090169eab14bb18efb268ad774038a8d3003772be1f1039b0dc37c793c50e0ed3458bf08f6d54ac2795d0cbaddfa88cfd67fe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
0b81fad9747f9110321ee9bd5312e85a

SHA1
740f61218cdb6eb2a3e6335af4934fc4f71eb164

SHA256
f0b0b87d2740ef9f2e3ad11dd9987ac84c61d8f240931b50dcce37b747de8d57

SHA512
73ffd8d1595a2d475f9147d790fa4e4fa6aa572f32e290f658c473aae8abcfb3bc7ffd02e8670c5b2e5abd57745b573e9e670ef11421ed35ba500430a8c0ce1d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
50KB

MD5
0532c6267e10f7d2c8e1facb6dedb3f5

SHA1
37f06827c0e0810de518415c597ad5ef0fae1b05

SHA256
c7a4c5bd133ad985af1171721ffdafa47a31d065c5eb32722461e02cc5e27a3d

SHA512
fb1d28b17f8f9f050c569d4bb90b7e91c231b643ad1484088eed250fa23b66abaf97c8ce4c9db1d4614032168ec487f4cd8abb37f094f8bd8252e0c77e4023e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
366e246b08b321783c3f576937bc64b4

SHA1
e8632dd8617f2f8805efa79a6bc3f9eb344ce8af

SHA256
2f7c9d5afba7f434f9f7dab03ffbd629456c0f77f01e7d97892cb029def498fa

SHA512
73d06f5db20e715a2f6427370fc3bdef360af36acdd33492ad6017663f8459b929154629ea218c0f97082ab6f58e45c574e4f351c586dcbf86b6f9070e9222b9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
56KB

MD5
a732f8ac091f1736950424cdda7766bb

SHA1
d9b75e6d5b0a41d1b399c270e0eb4d60809da4f4

SHA256
d3bb9a1003c31cb120ad6dc2d48b132f946f119fc3f54a796e2594130b98a424

SHA512
d6da414f6b698581ff7576ab96ee597b4ec37ca02425f83e5cdcaac783d7c45dacace960bedc7314bdb22ae47536f38cb6cba3d564afba2816912be073951578

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
69KB

MD5
a12a68616c33b577105af775a3ff552e

SHA1
6f6fd8d3235a4c32a2d236177c1fdd0392bf0cd8

SHA256
0d93f02165359aba5887ed636f7e73e744df3e6e1e20bf1182ec77bb72db768f

SHA512
cf7c7b87ee2c9bfe0b56039c8038852186169265b525e46a490f5cef24d3b86930e02d9496d8a76b0cb7e0429e950021e43a19a545f47fd6e51e4a84390868e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
53KB

MD5
be41b16addee2acafb65ecfa22b3e461

SHA1
a15f4d699e52369a5bc8b042b94d5b90d4f7f64c

SHA256
f32dca8c1950a7b2da6cb8d404c4568e329dc5ad35a3adc47795e23fbdfd7759

SHA512
860a4824f67b94b3a339201a8aefd9a71c73471276533de2f9c58229e5f8dac0ba63a1595080a566d0ec8fdf79175c710438a5b41723e4dacd07fc7474fdec41

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
65KB

MD5
39649bd7d56c99c83e5e00f64360f2b3

SHA1
941a0698c04f3e04f44d841cbd355698dd5688ef

SHA256
b6b312d4d774d54be9f00e73e4335c22b42484eadbaba066941146cc2f24d972

SHA512
b2b0bdec88803068b8d09f82581eb83c8ebc9048f0eec67443a143a57362b3d99d90fa6f435718a44ece10911d6a86ba58e80204a5ff399d9725fbc75555ddc7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
53KB

MD5
88cfbbbee2dce3971a590eb5fed27189

SHA1
11d396c8bd49bc1aec83e3679a927a1592e77c7d

SHA256
c809a5960b3ae144004e6c477955b21302d6b5cad11fe5df2a696204de37901b

SHA512
f33c180a6e43715c23a513a84ee90b8e0a8bb34cfccb6772f44344e98fb274e1db9ba6cbc2e6819f1cc34b4f2c6a37976a8dfdd402991d5f3b475254ba014ae3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
c7d4c6cb8a61e78972c6dcf11dac261c

SHA1
bda5e947dc13b6f80fdf9b14f3a1746f29384a26

SHA256
7aabf2011f3248275c39180bc30b155d39ff146d48f836f62e3fd2602f84dec0

SHA512
be557454a2eb10f4c92338fb8a44e254d1c0fdbad33c047cb2492d77837361e8d4f38afebbeae9604dc93d42ecc2dce937680c0fc677f57f2fa9c2d37704a5a2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
66KB

MD5
ac797b4240ab1ce166a554b03881893a

SHA1
2c58b37de737a8d6a90d17faa55e057a04d0f3a8

SHA256
5c48f98300651957400589548b5c8083dc761c7ed6c1ef726aafd3a7b8853d79

SHA512
6b0adec6afe863e0a36fb33bfff48cd1eb6ef0083e74314c7feac9383e55686917e47c2d757dcdf68d1c8748c026c715184ba8e96eef8c85e95dd0a5b7f28bb5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
66KB

MD5
2c2350d02b57056fcb85d1705ba4e1dc

SHA1
49e9ba14eabd9605d34e33afeb74302b0220567b

SHA256
9a79753e440b507dfc9c4e7c5242b8aa419a1e1ff0e9b146d6fe16973553388d

SHA512
dd854801078a45824dbc35decc3bc0e17ab05d6f61994cb86c8da539fd3532311d9cb22dd31e27b5ed279e79c4dcac0d9c3c3f963283cee4ae99ece1ca2742cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
03b6c9621411cccf6e0db7a1890eb4f4

SHA1
48bbb5814340cddd9740126c94f328cd2369f170

SHA256
3293d0bf6589557893a9c26a671bc749142d0527f6507abf6c9b40aa317f36f1

SHA512
70c64f815388fbbfb2689aa8d693bf554bb313a50ae4b90f06d289497fd60e1c8bc1b4a69a808f0ac45105b525106ac6e2202c2513180c85e0de52c12e7601f2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
66KB

MD5
9de87f4dad7d8efc52c040706f4a257e

SHA1
796e60eb099231fbd9253681d0fd6e5ad1c7939c

SHA256
cdc87068aeaed6c57cf05ce794031d3ab8b3055dfadfd684c05ab7373f0e4079

SHA512
8516f671f4fec21a002db5247f53e044ceba36f0e6c71126fbda4014e9d73e7f90465e234e426058034f63f4745c503f4ea7335d0b3dd57f054de72dc69d4c85

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe68026e.TMP

Filesize
6KB

MD5
f62e9b882df5a65e99d6e271ed1dcc24

SHA1
9bd0312c41b5e442bde830b713c7e2a2fc3a3dda

SHA256
76c24ea4e418a5cc72a056054a27353cd0e0d992cb5d0c67bbafd587106db7bb

SHA512
032f8d3749505f5fff09ab74186de0256ff7a8d0de9b7ecd0cacab98343d79bb23f5fe8796cec59221ee882a6fe42dcdda8b946fcbd8e6cdad83cedc40a22b55

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3041\safety_tips.pb

Filesize
157KB

MD5
ff0d0e8971cd2935492466d9e7ba0726

SHA1
25fc9f246ba20f9746379c5ecedd96b62190b247

SHA256
6fa5c3c4a62de460538d30ef7cbb0eb51df6cf3770501f33f412b40b225dcdcd

SHA512
15bb355dbe7c7ce76732254ad68505142f9838e3e1cb5c11199d9c8b3d445be35e07e5a75fb86b3183a80a4c110847e16c1ff730b1e5847acd38bf8c6ae35c0b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2024.9.29.1\metadata.pb

Filesize
32KB

MD5
b1c3a6c8604164a82e5af89b09e712ac

SHA1
986d6c8f828e58cabf5d8bbf2192c37c5869123e

SHA256
8e25703ab06b2e7ef5acb19760210fb4b42ffe104189275d8f779c281cb07fc3

SHA512
80b0fde84fbaccb9f026d6e1cf57d15bd2350555a17721cfb9910c9bb845f2d4259e0d5b0e00efbccd7e00f7079037433f387dcf526f62ced0eaa0110f52f1b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.222\list.txt

Filesize
129KB

MD5
e209549d5e3341eae9ae22cbd8204916

SHA1
e351088160867b1a0b7ba9df53c8d127409b05f8

SHA256
1072190df05d4926da66110c28af059352a75d69c297c21eb56e7279ef6550b4

SHA512
f473b452e9afe21a11b8719cb5741e2040ef9888ab11c42868ff93278d4b6055400e76515191407a16f7c5a38fc76c9363dab77b0d4f83670287c8a75081d173

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\Greaselion.json

Filesize
3KB

MD5
7a611abbb6a9a924867db6020cb190d0

SHA1
e2f19e2ef273b9f5ae247873ce3306e774961d3d

SHA256
b080bd46957a74b2d321e701237222980c202f4139bc4c33056e8b8824f64402

SHA512
6646e87023a890e63c7c7aa6b006b41dddfc7b9005a9d70fc114e45614e8bb652fcf4450f7bdf6326d31611d4d4c12f40cdd690313d56d6b214682d98a5ac898

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\clean-urls-permissions.json

Filesize
169B

MD5
5d882c878e15a24f369caa4785164655

SHA1
fd1d173ca01d1c7d83c4f31650bd5bc7a6f60c6c

SHA256
6930726386e89cf7e597d9907985af52ef8797d01d723c1d0ffb5f0263ec1a31

SHA512
7521233393b0989936807c8d51ea1aad486858fb7ea85cc2ab70cee45b0f508898592c1be9d6b7afa93ae9c5ddc77977725235abf760b27bc90ef54765d610e6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\clean-urls.json

Filesize
17KB

MD5
01f2b4b3400105ca40c0070c2a9c5f46

SHA1
a4e556b4ca51a2ce4a53b7fdf7c2542642c13d02

SHA256
571b2fe64a7626f2838a599296748f2510c6a52a405cbb8a8c65e0a8935aaddd

SHA512
3be9874fe102468025187d641c87383269ab737137b34b13c119d1d151c15de7a6bc27509ca9aa5163ad2a62f750586964be4aec9a61df3f799344da9d3d364d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\debounce.json

Filesize
11KB

MD5
504914448447644c6f2cbf5197f330e4

SHA1
f7f8c56a9a5d0c13e0b866ea0daa659d9c91cee9

SHA256
4bb09349ef5d3f208213b61d6d0debbd37e469ebe99ffab9ca0b11d8c3baeeb0

SHA512
3d3af65fa46bdcd08eacf74b10e921ac29b443a86b3e7614064c4e00edcb20cd9beec0b36c38f9d88e19a23e4a97d8abb066f1676fd7d2d2bf82a4b7d03356e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\scripts\brave_rewards\publisher\github\githubBase.bundle.js

Filesize
2KB

MD5
e7cb1f457c1972065f9a5a5821ed022e

SHA1
e8d135731d52cee0975327c99d1a6b745937c36c

SHA256
a00d426c743f719cd74ad64441a8f7fdabbea566893c29b756754db91f05355a

SHA512
de79db36ae1e042121cc440b21a5f175b7a679192df11883f304debfe3c1256955e13724d47ee3cc874e63fdc9a0b50d4b57f16d8d127d8106dbd0dd73cb5dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\scripts\brave_rewards\publisher\reddit\redditBase.bundle.js

Filesize
3KB

MD5
0e7d831110979936c383c74b060388af

SHA1
e9f8511b9862cfbbc27452a9463a78b44901de4a

SHA256
d046760e839f120547d179a8eb380cdfd07db89ed256d3b95bc975161d075ea1

SHA512
8a449257a396b0df25a19211cca28162dc12e5a22144b48996d09111181340d28b79c49610a7fcdc702b5571b0d4ad21efec890d39bf0d678f4842b1d93e629a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\scripts\brave_rewards\publisher\twitch\twitchBase.bundle.js

Filesize
2KB

MD5
4dff02b3222f25ae7138d884fefe8e8d

SHA1
58870f0e2511a66b961ee893b332c1241d235ea6

SHA256
0a21a4e6173432a274ca9b9ed8c13a4845675f20933a44a1d053c0d12a633447

SHA512
0d031ed3c86c8268dd3c01219b3690948f43dbf87870db2af12ab9c60b02b1c8212109848d358a5870a17b8d1d2599f71918690fa0e34aa4194f210e326485b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\scripts\brave_rewards\publisher\twitter\twitterBase.bundle.js

Filesize
6KB

MD5
e8e3a3b86a213e78fda0747b13509f77

SHA1
299675e628fd3165decd230516a1366cd8510d34

SHA256
cbbb43dfb2a03373e93c858a8bf87c0d5acf02a1352bb39b8e3691f5fc9bffc9

SHA512
d7566c0e7115fdc6abdf82914e072ce25f7985c6e1056a849cc4f25ccee3875d8519e8351f6138061d25ef89c8410b30ff305db74db3b6853586cd1d29db619f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\scripts\brave_rewards\publisher\vimeo\vimeoBase.bundle.js

Filesize
4KB

MD5
bdf49604c55dcc6e0af6281c83158f68

SHA1
1352d66ba7ba76efc4f7e4bd9e8d79cf1142b275

SHA256
4978086aca3e6ebf5bdc84494f31a388ce7955fe8bfc043d75cc8306aeb437bb

SHA512
8c3c7d69ed8aa2177bd3e56b85e1cf51e98ab97a551df2e11d9b2fb1907503e5ccace21f895d5a61189d6c351ebd828a779e64cef5114c18905d19a1964ab648

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js

Filesize
6KB

MD5
31c947a91169986cfa3558f1ef9faec9

SHA1
50d23ff4bb00edce79a4160ede1545c2c87b5a08

SHA256
90f326796832682ebb6533eec08ea34d29e8a864f949e767e3c047b225189a94

SHA512
22f66c131abaa03d3a3aba5f1b03a9f0bc355e528468d9740262218e855c4219e891cfef463e4ab5e4e6559f6c49301fe2a70e8b342f5d3eb9c577ed262bce63

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.912\1\webcompat-exceptions.json

Filesize
2KB

MD5
493082f01b0e9a113a1c4dc0c507c11e

SHA1
8737bb0bb211c03c4a65bb081202641ff91c17be

SHA256
bef1139d0da3197715e2831d4c5a36efa9f6dab38a4bc9df6e60895e7ef19d96

SHA512
44338894402e7572747c8c58e5bf613499b3c25afd46a9d4d6855c09ea8a0b19bcfcd00a37bec9483d0434206ef80e46b02b953754c928473e2a15203f797db9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

Filesize
6KB

MD5
a7e80c8cc5121a2febc654140e53ac32

SHA1
c3b1b578dcbf91aa19e65d0ef6974c165723828e

SHA256
a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99

SHA512
d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.8753\list.txt

Filesize
52KB

MD5
653c66493f88fa5b63200a9745a59aae

SHA1
c76c5c9e206372010eb6a82bfbca20ad32330c0a

SHA256
e6c9fde1c3d0688b934c5a3a31c489b02c558f7010410f9443d165d97bcf44c1

SHA512
96b1cfd45df54a0529d3ee3cfe767cf288d10efd3c3fd9afe14f533b9eb67d88180c9be76666ce2308cf4d9fc56017d6d243d46421d4e987a49de160652a4f50

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.9547\list.txt

Filesize
1.4MB

MD5
0e41bd41f4db91a6cdfd1b4f04594fda

SHA1
b4efda4b9c97b4dde4922f0691b25396830360e0

SHA256
f3bb502701bddb5b22f2ac9bd0f90f1073cfc1a2696d1f09af4edc227309d302

SHA512
847a2079e9f62460cfb9b7d96c6fc996aebe80e8db758ccf9ef4fa9b16f92aaf03f7f435d30bc01249eb19e9d7130f41211187e67a4c6cc502becd6fbcc451d8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_722524ce8e49c94a676b92024c3a4048b7795461f96faae3147bf4ee83ced19d

Filesize
42KB

MD5
a28d755a46de680906ddec6765b2caab

SHA1
382aaa55eeb63a24c388a70d4a7248b5095afacf

SHA256
722524ce8e49c94a676b92024c3a4048b7795461f96faae3147bf4ee83ced19d

SHA512
4f0e92cd67ee9c89ff03eb21742721e957a5946fff63d40df2a99b70dbf956b60a0906df610e126b3b8208207fcd0cbcbe06ab9698d7980f0ca1e54aec13fdf1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_d99fea4df0fd4e7c18f83cace2f0c9990d2775b00d67e2cb3c17844b021da165

Filesize
70KB

MD5
000fce774b9138fd3a3987bcd8979af8

SHA1
d9446366c8a032dd05d3edae43b5b96051cc8d31

SHA256
d99fea4df0fd4e7c18f83cace2f0c9990d2775b00d67e2cb3c17844b021da165

SHA512
0804ca9bd9a2d4d2488ccf62caf4f72f53b22a8ef8896a64273da5cd12911315f553dadc7c0b0b18de8d43a74353e03e1b147e481e0bed81f349d69591537886

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_f77b05e5127af6455dede6021bf19cccf6154a25ee6fb8cb312c8970c7545e34

Filesize
16KB

MD5
2c95faea78c8071412963b9a8e6d4139

SHA1
fd346bea2b63fdad1bae1f372b9c25dd39cb33f4

SHA256
f77b05e5127af6455dede6021bf19cccf6154a25ee6fb8cb312c8970c7545e34

SHA512
376ec883ed703492af50769ebc879c0488a47ee569b7e8794d614ead3e7aa41172d71ceea2084a3c266f06407dfc4268f6669209d55d7219588c9136fdf58113

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_de8ca26802667fb7680d06cace197844b902a2b6a35bf019d1754c4e2c9231e2

Filesize
403KB

MD5
64de58e9f8ea24b7da3f132243afb3c6

SHA1
c7782d9001b3299eea50f34197192f91d3ff4450

SHA256
de8ca26802667fb7680d06cace197844b902a2b6a35bf019d1754c4e2c9231e2

SHA512
e3c2f577d9e8d55336c1be9c9fd1551075d4c651c01ee98f30f4b871cfdaa8d26f8ff1a6a29c96586fb02c58b472ef6de2139272065059bcbc6154e1bac1f432

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.4e6859e7563ba74793aeaeb5d19c6fa4fb0c1475a138c246457dffc120d3c899

Filesize
152KB

MD5
91b2a3deaecfe98a5af360021b5209c6

SHA1
c2ee0231bc4573bca34c66bb47ff73127ece9c33

SHA256
4e6859e7563ba74793aeaeb5d19c6fa4fb0c1475a138c246457dffc120d3c899

SHA512
5598923a0378d0e3f843613c850fef25f7d04546d5fd0a9769c2f6ec63134e356edd853cab8b232edeebcdeb30f0ed329b29d71bc16bd80bf320c655e9e594d6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_5cfaa81c9fb237dea1e577854ef5a3e69945e72a959e3a133c262c3f2652dba6

Filesize
1.5MB

MD5
fb27963ad610f367ee9a774d8f3ea75d

SHA1
3035107ad8c13a5345a8a81b60b78ef246d478fb

SHA256
5cfaa81c9fb237dea1e577854ef5a3e69945e72a959e3a133c262c3f2652dba6

SHA512
afb1744e0d5e061fe25deef02e0bf53fd1715b954090040ad661b2c44796ce28e150335f36e71cd2f01533a1720d2d7f6c09bc4c3e83086822c66d5cabc2f645

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941

Filesize
8KB

MD5
be4bd6e1ff889a7bbfa11ba79fd1180d

SHA1
5afa96a648721fc9d5e5679c0beae33986c13124

SHA256
905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941

SHA512
78a2aa93d0bfd933cf3300c2f13004551ddfab104a4ff63841505041510e60d327a803082091b9ad9dbb55744898d2c145b055f495ecc311df65abccf192324f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_97ca8cf8a958b4af5a4243653fc156cb18f844d170b0783616a649a8c71b845b

Filesize
74KB

MD5
e01badfb18104fd739f52707b50b538c

SHA1
fce3a3a9b79285f2d2faac116bdd5bcd62464339

SHA256
97ca8cf8a958b4af5a4243653fc156cb18f844d170b0783616a649a8c71b845b

SHA512
54f2187b25c901a12e2d4303db68eaad8a71cc4a9d74e9053d2595b1d3ada014f6a0035ce620866a2b3b70a5bdeff4bfa4dca5efdfdcb251707385ec77a81e5c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.55781c45bca188ca1e02cefa5e00f0d342938734cdabcf58f19da7143da45e3c

Filesize
490KB

MD5
c7f0da17c5d582deb1fdb0ad3e2d1a4f

SHA1
2073a323aa01a4b5a1d2d7a817753de9482c6b3e

SHA256
55781c45bca188ca1e02cefa5e00f0d342938734cdabcf58f19da7143da45e3c

SHA512
95e24105f1b4daddf49050726bc0ec7ee1da5203810aebb62286fa0dbc19f582f9e878360f22031ef1d53d9b4cacafb85d2891a288a82c91c11f1972d72d468a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_9db598e9d32eea4ccf5668d2e08b79036d0c36ef8d4038db695a920316366ac7

Filesize
17KB

MD5
afabd1ed51e59e00b34904c4e84688a3

SHA1
69401e9d2c059ab6918ffb15d41b078d9dedd8db

SHA256
9db598e9d32eea4ccf5668d2e08b79036d0c36ef8d4038db695a920316366ac7

SHA512
86959939f20d2d2a897601e5631d7bcb31a3721580cbeda772132d79fee7f6e985c3655cc7b0d239f5089280bf695739bf1b5465ffefac3963525eb9f7d83307

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_6677d827419f8f31caebbda347afa53ffc995a0b8f3bf68ae8d9c3763281835b

Filesize
1.6MB

MD5
850aef708d8d0603cc2d9b0891054611

SHA1
3fe9fa5cc0b97fd3137447e81d7214cea354c22d

SHA256
6677d827419f8f31caebbda347afa53ffc995a0b8f3bf68ae8d9c3763281835b

SHA512
0c636852ed59bbffb3a29072f20979118b2233a2383440c854f5f2152e7e6d23c303a0e81b08970d944fa7b9f4885be78bddc2b774536974ad4d25d41c536f7c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.b629ac5cb4fe64bd0574459567081411d03f5352dee425a03a44f101bcb625a6

Filesize
9KB

MD5
3ed6d97a12081e7a14bc8a423e35843c

SHA1
09a5040cffa7550d43978fbc4b1c9a323143c191

SHA256
b629ac5cb4fe64bd0574459567081411d03f5352dee425a03a44f101bcb625a6

SHA512
c26f93eff2519bd75d43e098734c134635d9e26d57085f0819ee7da1ff9176aaf98058330636ccffa0ba556f3b1215f65685ccb41e211ec1f8a1e92d70fc104e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.bc1b2386430712e1987c7dafcaec538ede5833472eab5f5cca22750581de0829

Filesize
74KB

MD5
c30e43b76a50733ac379ce865a1425d9

SHA1
0c2a9bb2290874c6de53d21c2d2eb64eeba7bf3b

SHA256
bc1b2386430712e1987c7dafcaec538ede5833472eab5f5cca22750581de0829

SHA512
0916ed06167d3d574356ef07586155b0fd4d565d8065f7a50de920809dea3fc4f6c71500e7f114a0d07e77e231d630d589a42c857e6c96178bfa2386f527bc97

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.8aed26106d9b12205a9cc12ca05a8e0c347d405a5db4b77f28b3324ead0bbae4

Filesize
5KB

MD5
9ba6b229cb1af40f2e28509d5e31ce29

SHA1
627cf719a46a774ccd2bd4ff15fab4df72f99db4

SHA256
8aed26106d9b12205a9cc12ca05a8e0c347d405a5db4b77f28b3324ead0bbae4

SHA512
0cf99f99eaecac089a39ec9e661419ff4af7e6126465743704a38965c43b6637e6085e3f62c39dd548b7c07ffc6c801df74cde5cda224b7f24a8d2f621e26fb5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_8e11971bb03be8a8086582965c375337ea3e0d74480e5a21d09de09fcac3b3a6

Filesize
167KB

MD5
40c584ac9d527059da5ac6ca8b4cdde5

SHA1
0f85e69c20828d2e7073f088425f4f788dae3b43

SHA256
8e11971bb03be8a8086582965c375337ea3e0d74480e5a21d09de09fcac3b3a6

SHA512
35e757794d8084d87b86927902d747e226025cdffac30c13494d9010b8dcf7d6d14e6dd86d57d0a712c8220d4716dc4d3889113f2c94b3754ac913d92b06ec67

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1735\photo.json

Filesize
1KB

MD5
456f2bdbe64cde62d165b3fddb7540ae

SHA1
81ced4a1bc757cef11cecde5b9b026b8a104f841

SHA256
5e8f7d46780d378f48abbfebba0b8a60f70e555beb52bc191b5f96cd885d10c2

SHA512
9241bfe12ecf68514cf241686cbc2281d0fcd8bb4987e486580b8f231c11b663fb3abe97cf45a07598db53f9c7c1ffb8fc4fe476fb4d595981c173067da8642d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.67\list_catalog.json

Filesize
76KB

MD5
b5eed923eb5ec3c7dcd81abd1a2e752b

SHA1
360efa6d82330ac6183a145e5d1043b0e36638b0

SHA256
c49c903bbec73402721ee133e58aafbaab4ebb3962dec3a4fa70007906f7d645

SHA512
31763b77240f1220938baf3f0c9c95963ae7dd3174d8188464187ba7619faf5a03ac66cd635396b18322d0dd46f60201656ed94edf90b765ab53852ef3a81241

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.8138\list.txt

Filesize
5.6MB

MD5
20b6cf0e2a3b92784361770eb0d1edd4

SHA1
46506ca2a956a58c5dccea9caa96a2cc21c7789f

SHA256
3b0398159c311802093b8342a8a3fba65beb2f142c6fe56addda425f5f892d27

SHA512
3e1ce5fd624eb3a0d863fac70e398097e032acc2a9280951c292a734aae10117a9fc52be7eae29e2c0ae85b67994a8d4adc85ecd8d95f7abf52f8c381a51b306

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.99\resources.json

Filesize
1.0MB

MD5
8859e55f9f57608b616d8f5ec17d753c

SHA1
0703304bbf403d605dbc2ad83b17ebcddcb532f1

SHA256
89a6b5dd233681bf92d2518245feb15da33525817383496b768caa2e0c178ca9

SHA512
2429240208682fab1c56885b5b3fd3d96bf0e2c2115232dc326fb687c8e2aa395bcf7f1b0a0b5056c22cbcbd43f99b257f8ae06b8e9038f260cc6fee5b5e68ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
1.2MB

MD5
068e09e6be13f5fc296df587f89aedb0

SHA1
29b1da744042381ace0bbfe1f5a815e87bb60921

SHA256
370c88a1be8b6ce495d883f7de10cec9d8e0fdb62438dfe9966b9f45bb166062

SHA512
424b1a55ecd8c341fc7abf95b27bcabb08afcbe2daa1e5956baf843bbddfc644dab4aa5badabecefe7564d0a710e97bd8ee5b9762219f491f2f1f299e9b1a2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0425dd42bf0cbf3d3e0d3119eddf4f08

SHA1
748fbc3a2f2c647d7243458682f55cf019ee1d8d

SHA256
9ae358987dec273fbd086ede3c2bd8f4ebc951be24aa69daae2e0caaf5fc3c1a

SHA512
34fc24910065a0acd3cb64e576597892b67aeb9a701be931c0666351bab70026f62979a5ee276c30d174bb627e19e0cb6e7dd195e6c80bec3b23ee84c749d284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ed03bbb0977bb026e9bb443dad6180c0

SHA1
0c6ec68e4c1358438027fd1c4e04dd0fdafcd4d2

SHA256
784951e3c7879d352f89d8dd222bf84061a299a8a94668139c236bed8a64e939

SHA512
b3ee1372bb4b9495dc0c80fec21cdad4d1fe0ea011d8b5bffd012444120b3acea6c88b6edf299a96ad63764e17f942e8e19c3f5d3a91bb5177415eeb74139e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f89da19fb399ca3847354d1085316481

SHA1
d02616a025c3d79f3a761d8c99d134dd95cd8720

SHA256
8a2088c07249abcaa8532b84bc128eef27abcb646c8c600aef255ef5b63aa12f

SHA512
7fda7df6218cbdb8b7bcfe803d491bc076aa4740b1892fb0f4caf521fe6ea7d749ff4668761ac2e946fd0dde168a1122ab6d4d7bff3cb8ac26d1f83cec953897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4e7a8f6f0b3e6f2ee71330bc294a8b4d

SHA1
8340806e9e537cc7ee86f71fd5b9aeed29173646

SHA256
03a4560ba68f1b23b617d9f644dedd43bbc4329ee5bb9c245ea814ecab144dd0

SHA512
9619b878f77f15a45cf38371dcc3a1a999bc40e10525e7102efd94f478bf9edd70f1ba5d93822f1d0e4c388c0cefb4c1368295acbbb53cf8ef71be9296db10d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1c142e80538bba5a49500e023dc3b94

SHA1
20872382826d5fb882676199cd75bb6532e4f490

SHA256
879e8ceff8464d847670ca587b0f723fa69cf646371a8525d2c80de30118d6ea

SHA512
06c57e4667eab78d1fa0b6fc1ccd2c1fd9f67780cb93599a1e3f083147346da7333c2bd3aeafb2d8cb9456c22016d6898cb0878b9f9f36fe33b7a49a2a54e608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b1dfdee4cd5435ff3d6aa6e344998608

SHA1
482d98e729a4d632ddfe4f44fc3ab79019d79564

SHA256
53b40f6b8dd3d7407dc59a40ce510949fab4745877aafc9bf3189207fd278ece

SHA512
c5cb5af2fe334c717177cd62bf9e285dfd10713ef6c5e5655ca0eb931147eb7305f8391c5f6f4bd2d0fb84824c365facf20f7bf20ac840eea820bb43227896c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d37335ca96b086aefa53a95b3edf83d

SHA1
0d4f85d6581f18d0e3c773baaa54d24472e9ed26

SHA256
3adfc2aa8d556c5ab5e8f77a66148a4e105943b5a1476c62a0a18c3f4b555cbd

SHA512
e1c419a6f9ae1385c519d53336a6b34dcf41d2b6a5b817190ec018a23adc625ebbede672737dfa4dea864a4481207b024bbfaca406df7b2b1893deda09035fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2aac753df18ebb32704e16f71bd8cfe8

SHA1
1393b750ebcb65562316c1637e450a7b261f5217

SHA256
c42636f15d804ed8987078f2b8b2a5ffc559e5048932a987064662805c55ce98

SHA512
8a7fe2092ea10ed335aa61736f7832213d98bfb43e26988c136b39559f3eb2831baa810e4aad5e473af7bd5d762beb09741cf27fdeb18353393761d7f7b4e72b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b3b2902c66b9d273c5dcfc1cb3f034d9

SHA1
f67cc10dfc84bac9de63ac412db9a0c71ab6f763

SHA256
1f8badbdc438524dbfa8cf17570ba0f59ab1011e630956e89fdef017169c98f2

SHA512
4888bf6403dd26cdf2e4627b3c13dce32cc21f04210dc07d031ab923fa39857a04bf3f0875f98961789288394b5b4ababdcdb70e05b93a034e8da370fac50898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb0e6427ecfaf75c062ae5eb62df7cb6

SHA1
04de81b00a605730569908550215198f973d584c

SHA256
f4c25c01538d010d8674f44af4205766dc72c5a52a62b5058722509e3553ac92

SHA512
cae3e130a69d8547a2bfc1fc31edb2b6f642061e3c074ae21831a32e5bee436d5335b958a7f7d96578d7dfcc71155af78dacbfe57aee4c1c42b1bb7583dd32b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c10602f32be643759efd22377dcaf19e

SHA1
3e72cf804f2ee7a33f16c8976ca48a814d78f851

SHA256
80a90ef77ac06f81ffdf68c593b52719151a773156478e4ea61cce02f41e5456

SHA512
2194c9d1380791365a306081df830d60e0cdeaae333a647b5fc69a1e2e9aa9e4dc8953df3bb5013dc44a9ecfacf03d8729ac6c5df09713910336478586aa6bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
efdb631a4c4ebcdea658360118eb1b8a

SHA1
8688550039806621a9efc4fc91933ae6df511552

SHA256
2655e4bb4e2c8885ffdc74deb69556288ee4066e4b3d1631fb03ec785d0cdbaf

SHA512
71b8a5e80c73834e8d82be4892a873e2618dd53d830fe561e9cd310c17e1ad8b6cab8bbef3f059e3e445643e7e5a688f5349574a461f90a7866c469dfcb724ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f40b38866f5ae5afa572bb99fff194e

SHA1
269cb71c07ae3142a4c0aa47ce0fb88a11b0938a

SHA256
00d6bd2bd459fd6d352430c3a569ca4bdd8da0335780083f5c0388ba288fc8b2

SHA512
6818d691c6500496ce3e5d198150f0132746dfc7ab8a4f2f7a26d1370fb0b9f72219b97b61127c4669f37685bce73647d72d73cf519c1bd068b82c0295561e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
890ef11e0bc4ee73e051bf3ba154c865

SHA1
650507e567c76ee49e299ef9ae0a4cde68c83058

SHA256
d026181344e443dcb0a373cc5e67ad8415c45290840ccc5d9c6101767d514e2b

SHA512
ba03f5ea1c102cb1194eb1bbd5b689c090d83d2e2a62091163f5536866977d2749a018d0c7e7f8069cae77ed65bf98d4e8a630c56a5bebea5bd2c1f3c8be803c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d0983cabc1a47e59a1e3a482087c4d11

SHA1
c4882740011b7bd9697527d52266c46d6295530d

SHA256
edc39491ceb7b2d851a12216a7d89d6ee5051494180c806724810950aee2c59c

SHA512
2b678324b0f13b27a6d32088ec5bc9125e37eb3a784a24ae325cc3aba861d8466e9425e38f10557f2db9e325956d26511770c40466840524ffb1456a47bd865d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe66142b.TMP

Filesize
204B

MD5
5f70dba02e2871525d403b7741d9f4c6

SHA1
57eb56de12e4efc1a358017446cf109a0b69782c

SHA256
0872915b98b8342b4802d731214435a1f0f23066459ded9f11ea133f4cf2e909

SHA512
dfe48536cdcec71db6d654ab3dbc185c1fe0d3a4110b418db1405d3a640a89a0f963ebd2fa6bc05c0f405855f1f24e548b0b618d2cfb51e2cf7c08e60bbf74a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84f3626a064b2a523ca468483b616137

SHA1
720e85cf22829150b979525f53fd7887d2fd3820

SHA256
448a48d8d3f68cad89e423d6d37cf1fd8780f814a00f69e1b355bad3625673b9

SHA512
17afbfe6a3e38205c5f40a1cf24ed78d16c8f9e2f4d195fffb09e3c8eb2300e5c3708ce1076c4cee7ae1953abf9b42e8bb373ec1ffc0f6a47ec478a451ced074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5632d538f42eabb67f8f23a64a44e9e8

SHA1
47cc92d08fcd65805564162d1915b2020db7d1cc

SHA256
2968f3ba4ed420e2354c5602da3ca3abced84161b438e4fbe6cf5c97ef3ec3b4

SHA512
0e136cd00e9a509d89753d34f7be9c6752a8ee95b10b2005da91d2df16e835437af417ffa61c35f0c4c3a92bfba64b2718aad83a4f9060ee15284792d0f60caf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
6c4ac07b5fbdafaf4c98885e445f08a7

SHA1
0391c53cef30e3bad09892e3aaa8160a5e725e0d

SHA256
8104f71ec26a6b7a4762af0d24e4ff0f0d0f3975bb6d54dbcc3c11db70c33c02

SHA512
0a411f7363f2d539b6d21d69e71ddf803545a86244d4d3d224b2bb6e010cff8326bab6b22de6136969ad51fbe5b1c2717b12a29a14af75f66310f114021b7ac5

Download Submit
memory/384-988-0x00007FFFC9570000-0x00007FFFC9571000-memory.dmp

Filesize
4KB

Download
memory/384-989-0x00007FFFC9850000-0x00007FFFC9851000-memory.dmp

Filesize
4KB

Download
memory/824-966-0x00007FFFC9BA0000-0x00007FFFC9BA1000-memory.dmp

Filesize
4KB

Download
memory/824-1929-0x000002355BF80000-0x000002355C02D000-memory.dmp

Filesize
692KB

Download
memory/5344-2939-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download
memory/5344-2933-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download
memory/5344-2932-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download
memory/5344-2934-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download
memory/5344-2938-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download
memory/5344-2942-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download
memory/5344-2941-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download
memory/5344-2940-0x0000019F1A810000-0x0000019F1A811000-memory.dmp

Filesize
4KB

Download