5d6e732c1e10643a4af41366024bc5ae95f0d3e9d7ef05176aa92b92de56b1b3

Analysis

max time kernel
150s
max time network
161s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/11/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BraveBrowserSetup-BRV010.exe
Size

1.2MB
MD5

2060ab5b1a94121d07a3e08a6191663b
SHA1

3c10bd7ba85e24d2ace4890563285f82cfa44f45
SHA256

5d6e732c1e10643a4af41366024bc5ae95f0d3e9d7ef05176aa92b92de56b1b3
SHA512

a96b73889d4c8b4507359033bb1540f75b3467d1f3415a43f00180188c7f782fa4579fcda49e7da988f7b8392d3afa76533b696b84c038fd67aeec87c85c4d6c
SSDEEP

24576:7mmr/0jMyLSy6MbbfPfB9vR+o/5vHjO2X0sJgT243be2Y9rmLISoXcn:Tr/jyLlfzR+o/5vHjO2PJgKwC1rWIpQ

Score

6^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.89\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\tr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\es\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\he\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_en.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\ml.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\ta.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\pt_PT\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\131.1.73.89.manifest	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\libGLESv2.dll	setup.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\brave_installer-x64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\fa.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_bn.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fi.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\brave_resources.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\en_US\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ta.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_te.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_th.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_uk.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\pl.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\ms\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\chrome.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ru.dll	BraveUpdate.exe
File opened for modification	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\5696_13376514021902913.pma	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\he.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\sv\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\ja.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pt-PT.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\sv.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\te.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\vulkan-1.dll	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_es.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_gu.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\chrome_wer.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\88a549bb-9635-4993-8fb2-0b1cc9587c20.tmp	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sr.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\uk.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pl.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\sk.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShellArm64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\da.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\dxcompiler.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\et\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ro.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\brave_installer-x64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\ru.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\lt\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_de.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_et.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\fr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\id.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\PrivacySandboxAttestationsPreloaded\manifest.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fil.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_is.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sw.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_zh-CN.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\bg.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\Locales\nb.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4588_1739117192\Chrome-bin\131.1.73.89\resources\brave_extension\_locales\da\messages.json	setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_411266840\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1347676400\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\spencer-moore-2.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1153205428\kkjipiepeooghlclkedllogndmohhnhi	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_pt-PT.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ur.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\1\scripts\brave_rewards\publisher\twitter\twitterAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\1\scripts\brave_rewards\publisher\twitter\twitterBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_895606487\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\mohammad-usaid-abbasi.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_es-419.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ko.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_mr.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_hi.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_592280361\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\nadeem-choudhary-2.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdateComRegisterShell64.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_en.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_et.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\1\https-upgrade-exceptions-list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\1\scripts\brave_rewards\publisher\github\githubBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\1\scripts\brave_rewards\publisher\github\githubAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_11323188\download_file_types.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_895606487\photo.json	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdateBroker.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_cs.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_pt-BR.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\nadeem-choudhary-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\sean-o-riordan.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1153205428\dnryisldmaqljgwaxeqbuuhuvrbboqlf	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\psuser.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ro.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_tr.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\aleks-eva-3.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1153205428\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_nl.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_11323188\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5360_1218865564\khaoiebndkojlmppeemjhbpbandiljpe_67_win_kfegpqlp6gezs4ree2ol2br2ym.crx3	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdateComRegisterShellArm64.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\psuser_arm64.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5360_743106811\extension_1_0_68.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1592779670\manifest.json	brave.exe
File opened for modification	C:\Windows\SystemTemp\chromium_installer.log	setup.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5360_1891534884\extension_1_0_15.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5360_1246862716\hfnkpimlhhgieaddgfemjhofmfblmnib_9314_all_ad2h7zgyq7ja36rmogg4luxl3thq.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_544600491\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_411266840\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5360_453205110\extension_1_0_9051.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1700738580\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\1\clean-urls-permissions.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_5360_88000027\extension_1_0_104.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_895606487\42bfed7a-bf79-43c9-b7a0-e19304b977e0.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1347676400\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\StudentNTP_Aurora-Tennant_x1140.jpg	brave.exe
File opened for modification	C:\Windows\SystemTemp\GUT78AC.tmp	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_vi.dll	BraveBrowserSetup-BRV010.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\nabil-george.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUM78AB.tmp\psmachine_arm64.dll	BraveBrowserSetup-BRV010.exe

Executes dropped EXE 44 IoCs

pid	Process
1476	BraveUpdate.exe
4644	BraveUpdate.exe
664	BraveUpdate.exe
2116	BraveUpdateComRegisterShell64.exe
1508	BraveUpdateComRegisterShell64.exe
1852	BraveUpdateComRegisterShell64.exe
2032	BraveUpdate.exe
2108	BraveUpdate.exe
1428	BraveUpdate.exe
5312	brave_installer-x64.exe
4588	setup.exe
4336	setup.exe
5696	setup.exe
6128	setup.exe
5996	BraveUpdate.exe
2240	BraveUpdateOnDemand.exe
5980	BraveUpdate.exe
5360	brave.exe
5248	brave.exe
3804	brave.exe
3292	brave.exe
5444	elevation_service.exe
1888	brave.exe
1580	brave.exe
3152	brave.exe
2128	brave.exe
2052	brave.exe
4684	brave.exe
3936	brave.exe
2564	brave.exe
5484	chrmstp.exe
2848	brave.exe
2028	brave.exe
396	chrmstp.exe
5456	chrmstp.exe
3268	chrmstp.exe
1600	brave.exe
5668	brave.exe
6112	brave.exe
4704	brave.exe
3960	brave.exe
1980	brave.exe
388	brave.exe
3552	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
1476	BraveUpdate.exe
4644	BraveUpdate.exe
664	BraveUpdate.exe
2116	BraveUpdateComRegisterShell64.exe
664	BraveUpdate.exe
1508	BraveUpdateComRegisterShell64.exe
664	BraveUpdate.exe
1852	BraveUpdateComRegisterShell64.exe
664	BraveUpdate.exe
2032	BraveUpdate.exe
2108	BraveUpdate.exe
1428	BraveUpdate.exe
1428	BraveUpdate.exe
2108	BraveUpdate.exe
5996	BraveUpdate.exe
5980	BraveUpdate.exe
5980	BraveUpdate.exe
5360	brave.exe
5248	brave.exe
5360	brave.exe
3804	brave.exe
3292	brave.exe
3804	brave.exe
3292	brave.exe
3804	brave.exe
3804	brave.exe
3804	brave.exe
1888	brave.exe
1888	brave.exe
3804	brave.exe
3804	brave.exe
3804	brave.exe
1580	brave.exe
3152	brave.exe
1580	brave.exe
3152	brave.exe
2128	brave.exe
2128	brave.exe
2052	brave.exe
2052	brave.exe
4684	brave.exe
4684	brave.exe
3936	brave.exe
3936	brave.exe
2564	brave.exe
2564	brave.exe
2848	brave.exe
2028	brave.exe
2848	brave.exe
2028	brave.exe
1600	brave.exe
1600	brave.exe
5668	brave.exe
5668	brave.exe
6112	brave.exe
6112	brave.exe
4704	brave.exe
4704	brave.exe
3960	brave.exe
3960	brave.exe
1980	brave.exe
1980	brave.exe
388	brave.exe
388	brave.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2032	BraveUpdate.exe
5996	BraveUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765140512200594"	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\Elevation\Enabled = "1"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{08174DAE-D5AB-4E27-9AC0-9B16D4F67F3B}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\Application\AppUserModelId = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32\ThreadingModel = "Both"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7371A190-8A35-414B-8E82-6BC03470DF54}\InprocHandler32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32\ = "{08174DAE-D5AB-4E27-9AC0-9B16D4F67F3B}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ = "IJobObserver2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BravePDF\DefaultIcon\ = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe,0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ = "IPolicyStatus2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{3282EB12-D954-4FD2-A2E1-C942C8745C65}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ = "IApp2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\Application\ApplicationIcon = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ProxyStubClsid32\ = "{08174DAE-D5AB-4E27-9AC0-9B16D4F67F3B}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachine\CurVer\ = "BraveSoftwareUpdate.Update3WebMachine.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine.1.0\ = "BraveUpdate CredentialDialog"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ = "IGoogleUpdate"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods\ = "7"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\ProgID\ = "BraveSoftwareUpdate.Update3WebMachine.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32\ = "{08174DAE-D5AB-4E27-9AC0-9B16D4F67F3B}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\LocalService = "bravem"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\AppID = "{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ = "IRegistrationUpdateHook"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08174DAE-D5AB-4E27-9AC0-9B16D4F67F3B}\InProcServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32\ = "{08174DAE-D5AB-4E27-9AC0-9B16D4F67F3B}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ = "IAppWeb"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods\ = "8"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ = "ICoCreateAsyncStatus"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ = "IJobObserver"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods\ = "13"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\1.0\0\win32\ = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.89\\elevation_service.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32	BraveUpdate.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
2108	BraveUpdate.exe
2108	BraveUpdate.exe
5996	BraveUpdate.exe
5996	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
1476	BraveUpdate.exe
5360	brave.exe
5360	brave.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5360	brave.exe
5360	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1476	BraveUpdate.exe
Token: SeDebugPrivilege	1476	BraveUpdate.exe
Token: SeDebugPrivilege	1476	BraveUpdate.exe
Token: SeDebugPrivilege	1476	BraveUpdate.exe
Token: 33	5312	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	5312	brave_installer-x64.exe
Token: SeDebugPrivilege	2108	BraveUpdate.exe
Token: SeDebugPrivilege	5996	BraveUpdate.exe
Token: SeDebugPrivilege	1476	BraveUpdate.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe
Token: SeCreatePagefilePrivilege	5360	brave.exe
Token: SeShutdownPrivilege	5360	brave.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5360	brave.exe
5360	brave.exe
5360	brave.exe
5456	chrmstp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5236 wrote to memory of 1476	5236	BraveBrowserSetup-BRV010.exe	77
PID 5236 wrote to memory of 1476	5236	BraveBrowserSetup-BRV010.exe	77
PID 5236 wrote to memory of 1476	5236	BraveBrowserSetup-BRV010.exe	77
PID 1476 wrote to memory of 4644	1476	BraveUpdate.exe	78
PID 1476 wrote to memory of 4644	1476	BraveUpdate.exe	78
PID 1476 wrote to memory of 4644	1476	BraveUpdate.exe	78
PID 1476 wrote to memory of 664	1476	BraveUpdate.exe	79
PID 1476 wrote to memory of 664	1476	BraveUpdate.exe	79
PID 1476 wrote to memory of 664	1476	BraveUpdate.exe	79
PID 664 wrote to memory of 2116	664	BraveUpdate.exe	80
PID 664 wrote to memory of 2116	664	BraveUpdate.exe	80
PID 664 wrote to memory of 1508	664	BraveUpdate.exe	81
PID 664 wrote to memory of 1508	664	BraveUpdate.exe	81
PID 664 wrote to memory of 1852	664	BraveUpdate.exe	82
PID 664 wrote to memory of 1852	664	BraveUpdate.exe	82
PID 1476 wrote to memory of 2032	1476	BraveUpdate.exe	83
PID 1476 wrote to memory of 2032	1476	BraveUpdate.exe	83
PID 1476 wrote to memory of 2032	1476	BraveUpdate.exe	83
PID 1476 wrote to memory of 2108	1476	BraveUpdate.exe	84
PID 1476 wrote to memory of 2108	1476	BraveUpdate.exe	84
PID 1476 wrote to memory of 2108	1476	BraveUpdate.exe	84
PID 1428 wrote to memory of 5312	1428	BraveUpdate.exe	88
PID 1428 wrote to memory of 5312	1428	BraveUpdate.exe	88
PID 5312 wrote to memory of 4588	5312	brave_installer-x64.exe	89
PID 5312 wrote to memory of 4588	5312	brave_installer-x64.exe	89
PID 4588 wrote to memory of 4336	4588	setup.exe	90
PID 4588 wrote to memory of 4336	4588	setup.exe	90
PID 4588 wrote to memory of 5696	4588	setup.exe	91
PID 4588 wrote to memory of 5696	4588	setup.exe	91
PID 5696 wrote to memory of 6128	5696	setup.exe	92
PID 5696 wrote to memory of 6128	5696	setup.exe	92
PID 1428 wrote to memory of 5996	1428	BraveUpdate.exe	94
PID 1428 wrote to memory of 5996	1428	BraveUpdate.exe	94
PID 1428 wrote to memory of 5996	1428	BraveUpdate.exe	94
PID 2240 wrote to memory of 5980	2240	BraveUpdateOnDemand.exe	96
PID 2240 wrote to memory of 5980	2240	BraveUpdateOnDemand.exe	96
PID 2240 wrote to memory of 5980	2240	BraveUpdateOnDemand.exe	96
PID 5980 wrote to memory of 5360	5980	BraveUpdate.exe	97
PID 5980 wrote to memory of 5360	5980	BraveUpdate.exe	97
PID 5360 wrote to memory of 5248	5360	brave.exe	98
PID 5360 wrote to memory of 5248	5360	brave.exe	98
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99
PID 5360 wrote to memory of 3804	5360	brave.exe	99

C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe
"C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5236
- C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdate.exe
  C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4644
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:664
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2116
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1508
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1852
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins1NEUzQzI0Ny02RUMyLTQ0QTItQkY1My05RUZGRDNEMjU1QTJ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MUZDRjg2MjEtRDMzRC00Q0ZELTg3MDctMjg4OEQ1OUY2N0JBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjE5NjkiLz48L2FwcD48L3JlcXVlc3Q-
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2032
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{54E3C247-6EC2-44A2-BF53-9EFFD3D255A2}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2108

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\guiE977.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5312
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\guiE977.tmp" --brave-referral-code="BRV010"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4588
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff66b499498,0x7ff66b4994a4,0x7ff66b4994b0
      4⤵
      Executes dropped EXE
      PID:4336
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\guiE977.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Drops file in Program Files directory
      Drops file in Windows directory
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:5696
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{AEC8E6CB-3BB2-4006-8B33-1FC2EA7E103B}\CR_31E40.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff66b499498,0x7ff66b4994a4,0x7ff66b4994b0
        5⤵
        Executes dropped EXE
        
        PID:6128
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins1NEUzQzI0Ny02RUMyLTQ0QTItQkY1My05RUZGRDNEMjU1QTJ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7OEQyMzk3RTktOEVEOC00QTMxLUJCQTEtRUYwMjQ4RjQ1NDNCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4xLjczLjg5IiBhcD0icmVsZWFzZSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHBzOi8vdXBkYXRlcy1jZG4uYnJhdmVzb2Z0d2FyZS5jb20vYnVpbGQvQnJhdmUtUmVsZWFzZS9yZWxlYXNlL3dpbi8xMzEuMS43My44OS94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEzMDcwMjg2NCIgdG90YWw9IjEzMDcwMjg2NCIgZG93bmxvYWRfdGltZV9tcz0iMTcyNTEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ1MiIgZG93bmxvYWRfdGltZV9tcz0iMTg3NDkiIGRvd25sb2FkZWQ9IjEzMDcwMjg2NCIgdG90YWw9IjEzMDcwMjg2NCIgaW5zdGFsbF90aW1lX21zPSIzMzA3OSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5996

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5980
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Checks system information in the registry
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5360
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e66d0d18,0x7ff9e66d0d24,0x7ff9e66d0d30
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5248
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2024,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=2020 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3804
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=1912,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=2236 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3292
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2388,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=2548 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1888
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10269583004149040142 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3260,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=3480 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1580
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10269583004149040142 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3316,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=3704 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3152
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4516,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=4492 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2128
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4756,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5104 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2052
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5084,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=4884 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4684
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4812,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=4568 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3936
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5172,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5188 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2564
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      PID:5484
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7b9fc9498,0x7ff7b9fc94a4,0x7ff7b9fc94b0
        5⤵
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:396
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Drops file in Windows directory
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:5456
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.89 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7b9fc9498,0x7ff7b9fc94a4,0x7ff7b9fc94b0
        6⤵
        Executes dropped EXE
        
        PID:3268
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5332,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5404 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2848
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5388,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5548 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2028
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4560,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5876 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1600
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5540,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5536 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5668
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5576,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5436 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6112
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5392,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5412 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4704
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5196,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5216 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3960
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6008,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=4492 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1980
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5456,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=5888 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:388
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5452,i,3208923748657809142,8558378505146441950,262144 --variations-seed-version=main@260ddf1df61c56ffd2a472c2325fb1a239b4cca6 --mojo-platform-channel-handle=208 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:3552

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.89\Installer\setup.exe

Filesize
4.4MB

MD5
48648d4bac82740ffb724cb331f60f8f

SHA1
a0bd78aa8b2e4c8d8405d45ca399efbb1c7a9a5a

SHA256
1be01760ac83da7f5861b441a5b9aa0ddfbaf76228ff62d9ddd9ee6cb2740cb7

SHA512
f8831b6e8028f22205b12a368469dd679a88d1e46c8b90212d8ec3b064c2daf03aa9e98cd656aa288b293cc9ffec349f933b0c1077788e4e98ed2716780664c5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9314\crl-set

Filesize
672KB

MD5
d4ed4189fa2a71b5eee6be07cc4458c3

SHA1
b5639b1416c0d94506dc1484a6bb3fe5ef19324d

SHA256
0e68091e3672d70cc4068a0b008e06461b3b98b6fd18751bcd2f333f90f7a74d

SHA512
6d4180878ac482a4099f480b90b493d59778f5fd9139dd5877d4360d490bf7213ebe467b08a2b97ac0dcfe36f7df463eb668703c5653dcb20fe0ac25b01c376c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\66b53260-356f-44e3-8ace-76ec37bc12c4.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe599735.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
319012c54a3a20f8afcffff41b9dbc3d

SHA1
d07f8bee26313ebe9b471aa175832417b99825df

SHA256
aaf90b58a419ad86adec0b1d317debb166f18a937111a14ca40ccb977e75bf15

SHA512
a72a89250dde10832f821cc13c0ae38125049738c86739d8adfa550ec0a316ddae0b9f38747d9c5a3a02429bb4d2e97df1626121c60f8e08e530b5f75fd30059

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe589759.TMP

Filesize
2KB

MD5
8b4cfaee0ebc9701d9082a66a7d820ac

SHA1
1a43f2fc84fe06b262b11ce7decdbd2f2c1ee76b

SHA256
6378ed57caa4ee745450c0dc0730dd73585ac1b568310ea5a8dc1162fb673ccf

SHA512
80e554d4d90ea5c9cc46f9f5e26e0bafccfa85c20a260be2321a56cf3fc5f802015cacedd27d0fd8a145013dfa6929912f4fffd5df0806ea966713c7f9022944

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

Filesize
7KB

MD5
d28b6246cba1d78930d98b7b943d4fc0

SHA1
4936ebc7dbe0c2875046cac3a4dcaa35a7434740

SHA256
239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6

SHA512
b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
6e9c84401a55fb2b57073cbb0e1411b2

SHA1
404f6f237990adc6ef4685822b3ba556ed79e6b3

SHA256
254bcb043c509090a494eb3812adeade9f56185dc03d27de770016f86ceffd75

SHA512
38642677dbc2f82c44fde41c07b2a8ede266b380d9fac5cfc23071a19a8b65dc3ed0da028d142c001c358f3e74c515a879d6dfebe9634c333160d7d8566b84a7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
8a21b0202ce9c6567d2eb2f2db206543

SHA1
a84499e0e36cc0e44c2f1a95e77d9f379892799f

SHA256
8d7b72801cf15be7d10cf4fbb8f912f3b24b7e0393314bcc1ddf92919834a73a

SHA512
9b22130d48fc551521a173f4c9d2ade4333be66fa3bbe961e07e92b52cd6b409e468b48e69a59aebee0f6cbfd8fd1ec31060b1669124e2ce541b2ca38e1cf4dd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
8fdbf851127ec982b081babc96bab66e

SHA1
cc0e5fbe507e9f42e7c6a2a80cae41274ab96f87

SHA256
0e974502b6cfceb1726a8fbb1e503ab76fe9219758544710036b4fc686e86ca5

SHA512
08118dac25f13cbc4240f59eedd5bc96661b52396a822e53a6f851fd7fa71d029f84f0b3f03d415375bdfd61be9a5781e44654ade12478b930dfb50bc9e98323

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
50KB

MD5
a216b97c10f3256564e5503da105f73d

SHA1
056f7329f3ff8cac30678e6f2314829896634819

SHA256
9e75d0ada9d06dd0956a0571df8c94d50f161d990c462ee458dd81120f57e7cc

SHA512
5261c88a9f11b84cb7a37b5306f9a1ce7d32681217f71ffba818b6857b9eebbcbe653f738611ddbaa6494882df02ac6aec031c235e03f37f4981226246a311cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
8a00689512cbfa002cb652fbd8c58716

SHA1
4622a8da44ea6805793c319dc5e62e3277056375

SHA256
239a3e0b01cba629edaf8828b8305cb787f18cfca3abcd2c2d469ab0b5ddf002

SHA512
ce379bdb2576b12151c08cdbb9f2ffdb9e0bc1652d4ae666ff98ed110752515081ee939fcac6f1aef4628c72556ef2722f8d1c395099bd494a3ebb3288626b64

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
59KB

MD5
f59d0b98ef5e86f341da00862f94c7f4

SHA1
f0bad55c6505d23ed1c7cf222344b5934544f07c

SHA256
58aa782272f75ec004735d044e297bd4a99647d061de17a74d266536b84a3f48

SHA512
6f47fb936f3745e9e999b6072ec4689f6b818a53e3fec06b6baf1eb61aa78a04a8e0e84ea22f174368ec890a0cacab8126aaa510c0cd958a9f965b864ce6bbd2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe58702a.TMP

Filesize
6KB

MD5
e9c5c9cf8f7964ab5f2499e9cfb04ec4

SHA1
bf096f5a57cf071ceb4c44f5e0754359be09c85e

SHA256
2b4c8c43180f418dcccb92291540894d3d3385e8908bb787f9227ea246cc6eb9

SHA512
9b68aa80eca77d05eae5a885ed0eb03f2a49d39f1cd6c834f225d6f124a8950fbdf3ec10fce68ed7792f3d43f71f0419dba7b9fa5e9eb0723e72fff47d6f53b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.248\list.txt

Filesize
136KB

MD5
864e1f67a68657679104e66bd7cb7c47

SHA1
2928e4031160398cbf260ea5c9d5fe989c191034

SHA256
51be80221615b1033286a971fe11e87db02800138b4e977f2145d59d1bee8651

SHA512
80f105838e31240de95cc762b5c4089edfe9192a5c8b6b8915b8365e05103018426878c0ac5dbac62fc5ffa85d5a1d41e2d3abdadf4a35b7792bceb235781866

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.971\1\Greaselion.json

Filesize
3KB

MD5
7a611abbb6a9a924867db6020cb190d0

SHA1
e2f19e2ef273b9f5ae247873ce3306e774961d3d

SHA256
b080bd46957a74b2d321e701237222980c202f4139bc4c33056e8b8824f64402

SHA512
6646e87023a890e63c7c7aa6b006b41dddfc7b9005a9d70fc114e45614e8bb652fcf4450f7bdf6326d31611d4d4c12f40cdd690313d56d6b214682d98a5ac898

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.971\1\clean-urls-permissions.json

Filesize
268B

MD5
00acb0f14b6b6c11ce80107110ead798

SHA1
2a40b0217ddea6d507234f236d3889b46ee35baa

SHA256
2e666bd0d92b08bddac4487b184c5612dc408f21fe4f3fab78a7ce1b2fa3f8ca

SHA512
c3a53397be2fcf41702524cb42c8d2b49d4cbde4c5479c6d0d6e92152cd213dd7436d7729906d76ed003d64e806cdf66dda7f3ca8dd4b9f9efabe25ffb76c2cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.971\1\clean-urls.json

Filesize
18KB

MD5
7010deaf187f241fffc5249807f9f435

SHA1
774048c27f5fbaa3b68af5a85b49be61367877ad

SHA256
6c60e4687535410e868b2b26b256a330070bbfc28592ecde54e2066f150e5fa3

SHA512
d003d747f610cd5c08cc149989c1c599bad77fe45e4184cf2d0df79abb5aa8d233d912185d4a662eb950234d0aeeef662b2791d4e79ce1a86528e3dc6cb396e5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.971\1\debounce.json

Filesize
11KB

MD5
dce4aecdd67737593ebe45f77d5d2a89

SHA1
7fdac6756832329e398657372a0492fb012affbf

SHA256
f5f0640cefbd17c915c36c97a2fd010dfe0e3b7f6b136b78b5a84715eefbf07e

SHA512
2828896a359d7b3446aa1b779a794d6582b9c04547415b83ffd24c7891ff0ab67d75a073ec754a91948c3eb3ddac754308482b16a7394aa734d09cf504910e2d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.971\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.971\1\webcompat-exceptions.json

Filesize
4KB

MD5
aeccbd5b22af44db9ea67421ba70e3c3

SHA1
7f1a9d5274c316f7f0cb656da33dd66c4ffdac64

SHA256
35d4b43e1bc3019653251b484e6906119fb878a820723be845cfd51a5d8e825b

SHA512
f6e5b8cdd1ebfb806ab5c4f7bffee79900762358c4cac813ecebbe1c5a311f243591e97b7a9f5e359b041149177bd952d8c0a2202a58ae26167bc9276ab61688

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

Filesize
6KB

MD5
a7e80c8cc5121a2febc654140e53ac32

SHA1
c3b1b578dcbf91aa19e65d0ef6974c165723828e

SHA256
a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99

SHA512
d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.9697\list.txt

Filesize
54KB

MD5
40e9f1317b4815ad6acaf020e7207c08

SHA1
3f6ac830e035d58ed51f5d35a8d437c3a44f8e56

SHA256
68117ae068a3b84792c5fe2051f46e6f323bd9a9bc4071c8d8f2a5d3c3de4a07

SHA512
92a2e78007d1785cb7587ac5ca4be98424d94ce65b6d39d2e08eb59ce8811bd8b21712ae5ec5a2857f1d196d2727575b4ba5e27173154d53e9c8121dcef63b91

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.10652\list.txt

Filesize
1.4MB

MD5
415aeaab2d2aff4df7b5bcbbc053fb47

SHA1
990aff03582c7dc44a2b493fa27fab0bea768545

SHA256
bfe957dc5b3577995f092e8287111516474e6cb9905c144c362424d4195c2c1c

SHA512
d44518ced7f4e3060c5960b396ddd616cc7c03313caba53f075b515d637053025464012d74a30b79038ff715da15598583dac9ada0039e3808da35e58ba55baa

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_c571b43a7f1a86bdb8a7456c91476686bcc906b5e7b1839fe233b9cf21948593

Filesize
45KB

MD5
4e2daa3778cc282c9f4918adc6b782dd

SHA1
8f7c2c71ffb8c2ae9e190989527edc6736d74bd3

SHA256
c571b43a7f1a86bdb8a7456c91476686bcc906b5e7b1839fe233b9cf21948593

SHA512
bf7f914bb4a3a849f5c78a5bd27219d37c3b071ea36e404b3007819126e636641a6cb014102914b3853850403f29c0fb0abdfb0a5a038dead7ef0bf2ce39f3b3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_cb1cecc8b88702a859a7ebfede26b95d02e71ecc04155f7621445d5f775902a3

Filesize
71KB

MD5
8ba2b658a169212b9090c93c311d6bf6

SHA1
d50fcc12f0ba682f3260138fa0eeee141dd24f82

SHA256
cb1cecc8b88702a859a7ebfede26b95d02e71ecc04155f7621445d5f775902a3

SHA512
16443333606c16a8a8d330b732b7847058add710657fbcc5ee623c1b2a8b7ea5c06868b97755cfd08f5b04df1ea97d429310c0b5f9deab323b8e4d7184b4a2a9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_f4378b2466bb73faad7475e80d497c2bd695bc77aee3cce3348e194e875a57a6

Filesize
16KB

MD5
30b4415db534c2f0207ad8346f4b914d

SHA1
e80917be626023a0a922552b2a1d67d3ab8aaa68

SHA256
f4378b2466bb73faad7475e80d497c2bd695bc77aee3cce3348e194e875a57a6

SHA512
dc778667f2852953978f9229c4c0f19d356d51617a6be73b36785d99f3193f81e0892dfb616e0dc7a0d92b4960d5c55bf5003f569d268ee06c3aa53dbed224e4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_798ddc2232843f5647b04076a7838ec6a37c341912a800edd6c01d269be0b060

Filesize
408KB

MD5
50b12f3395b824dbb0f29fa4fe777ad1

SHA1
ff9cd40b5ceb7cda88d1d4107dc3220fd78c1f79

SHA256
798ddc2232843f5647b04076a7838ec6a37c341912a800edd6c01d269be0b060

SHA512
00080ae64cb338cbb3430694cbd651957e457b34c0bf6854fd45a9c97d7c65daa18939fa58341886cafc12f2699f0f2ef0290ecd81c86c751b92918742b8c52a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_311efd8500e6aa30a5085ca26788e0b9b49539e7004ee8bc726efd5a667ad976

Filesize
951KB

MD5
bd1ebd405dde691aa926f5bb086be9ea

SHA1
2b6aaff8a53284790d05fd10a7274753970d807b

SHA256
311efd8500e6aa30a5085ca26788e0b9b49539e7004ee8bc726efd5a667ad976

SHA512
a2a7acc683f20e404ef65f46894889138e5fd0d6920b9db5bde485d1da7f04e2e0b9fe5bf6cf963af0d12a295c8a164a30f0b89cf1fb931486a6d7a845702a8c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_ef46bc0eb4964941eda6cef8c6a4feba90dbd8f96a88492689485b40f3b358ff

Filesize
74KB

MD5
00128ecb04200fe447cc1cdf6c6b83f9

SHA1
b4c8a71e72c0b7502f348e88180e2afc46ba33da

SHA256
ef46bc0eb4964941eda6cef8c6a4feba90dbd8f96a88492689485b40f3b358ff

SHA512
543f00597fbd8867f5c69af96f5781db3a4663290f1165a0e5320b1754a89abb70b5860e6b1d72c54eef2258bb686c0167c4666cdb658abf821a59d752bdf27a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.74026e7aa5f04907d8535bb7690f280ef601134ab339f67369dfce77039e6edd

Filesize
639KB

MD5
d875dad4ba3ea2740a46c1d3032c6ca7

SHA1
6005f5c0b2f96a6cfaa472083823a01d64e8e5fe

SHA256
74026e7aa5f04907d8535bb7690f280ef601134ab339f67369dfce77039e6edd

SHA512
5fccd7e2231d12982dc35d7df7415fed52b10cd254cf6751015150a13e0c36b760028e37c208d37be5c2bb0920b3f710285d739314da2715fab4a5beb95c0626

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_648ccaf92d914a27d4fe0c68a8d323e845e64a5c0bb71e7401aa04f59b387f0f

Filesize
17KB

MD5
bc5e6bcddd3fee166c5ae7d1ef7a219d

SHA1
5680b10917f09d286caf5ac348e0c5bf38a10aa6

SHA256
648ccaf92d914a27d4fe0c68a8d323e845e64a5c0bb71e7401aa04f59b387f0f

SHA512
e4765fdff67a996f1d8f148de16f75ecef814608b26e595eedc79b2e1a6d0222cf90a1db00d80c29a0dcbffa3f1a78faad7f7da9560cc634257b863c1ef40693

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_70ae19f1a3db2563b2bb458985fdbd9fdc35f0ffba90d394b053fbc08705fd19

Filesize
1.6MB

MD5
5d6e3adc3b358ae6a97dda19beed5ce9

SHA1
c0803a61f732826844ac59ded5d6875364d6bf2d

SHA256
70ae19f1a3db2563b2bb458985fdbd9fdc35f0ffba90d394b053fbc08705fd19

SHA512
4599db50c0d0fe76e1550304597a15b73563242f955536cbb3a75f616b3c06124b67616fa01abbf3a70d3957cab67895c0b142c23b25db6d7e6d599d3170eadd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.05f831c9bcb034718383e2146955fa7bba70e2acf170fda962e1aa87d248b277

Filesize
5.1MB

MD5
38ae6112d669b215714d7f1831be3e91

SHA1
4b0af00ca44f4bf485471e532f5ab90e54af5ff8

SHA256
05f831c9bcb034718383e2146955fa7bba70e2acf170fda962e1aa87d248b277

SHA512
17db57b4a2993f0e9fe56b210b14b809ee0d5b080a172b7d89f9933f40b58cd0edb4b638a93f05ecdc9e3a23a0c01744c1edcdbd2c2aa8fc605c6a1431f16200

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1793\photo.json

Filesize
1KB

MD5
bde9390f46c21b6ce08fede59bf583fc

SHA1
9e7d3476db21e83f78c130c7e27192a4fc366d04

SHA256
29fa0b682412936dbbd4ab2b0ca5f4edc0a58cc02fbc319f95c339c2b591e166

SHA512
c47217273aeafaa165695fc52b93dfa93a2373556a35d038555c79d57230ba0dd9f49cfe2d4c4f308f2591ab11d4f123a21830cc74cffe441493a4f0d2ffcfaf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.68\list_catalog.json

Filesize
76KB

MD5
986712f893817366c582c3dd2e24451c

SHA1
5ad4c249712657f438950a7ba379e53a0e3304fc

SHA256
8be9fc0f7a67d492fc01b2c001562f27328cbd7403ede81221ed489850f5dbd0

SHA512
00d3882404f59cd93a05d118c511ca23ba2984d352e97e4c6283cd09b68faa1e1498636e2e310afcdc86284bd5ead091903b6537750795db5ee55fa5b8a38edf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.105\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.9051\list.txt

Filesize
5.6MB

MD5
1c9fd1de88d4620e266ef6b2ce1e1aaa

SHA1
0ae911814c4557eb19ee763a4fec7c93970b0770

SHA256
43fb1ed02b39439abd39a8867bc285088ddcf8e9274f3cf088a0a96b9ffe74b2

SHA512
f785181c19d7124e05876da216d963f6915ebb126969ad1e441cf2feb2d27826a75d858a406d9f0ad839d8071b045ce1382336cdb49a26874b6a0d2d1974c410

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json

Filesize
1.2MB

MD5
f7e232619fcd50a55c3df6ffbab0245f

SHA1
f26eff68192fa88acc08ed97979c258f8f534a33

SHA256
f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7

SHA512
bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
f29adbea180b0b064884371527b023df

SHA1
a4a78ebb91622d9b5ca1d8e48c36dca5e359ff67

SHA256
452df111ca5e5cc825b9dcb311a52cc2b808662273cc809db3baef8904cdc350

SHA512
3fc4d5d544008badc804714610dbce0a040d0607783a39815dc805c05f3c9d33309fce38dfd68a846c9cbd7ffba7d84fc0009b21f4b30cd8c47f6cc20e1461aa

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
e4d19f3cd92481c42d4fe278be4a031c

SHA1
4f59b2c845b8b5606ff6755b600300535a4dc5d5

SHA256
10cd74df89cf3e96f287b2340532ddfc9e0c4bc587a28f5f74608f7c047af8d2

SHA512
5fe7bdf2364d8bb4b90768db94da14f240bc3448ec12ed72f6947657fc711f2c66f3c97846addb05f883b9b1fa6e7fcd2cece91f0b9452ca23cfa52c7f95ed35

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
c2f51ba999ac583887a073f81d960ef9

SHA1
9c1f8a704054310bb757c5c9006e607a450bbdd5

SHA256
0cb3a002cac53f2fadfc82e0179c5401683ed5ff2aa1a809cbae63fe461e767f

SHA512
f2b679af9ca3d09b7de904dd90dd0a73276f5cdbcfb176c60128d14407f7cd2033a01e15217d41df8f3b5b47ca596843d1702a7b885ba9a8e58bbf1c31a79c69

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
fa753a3820d1bc4eca3c17525ab39561

SHA1
fd6b96351c04944a333699b7647902d462c1e87d

SHA256
4361f244fc57bc5cddf67f22f7a72dd15fe11a9cea1ba0de42a130c66ffce615

SHA512
843344e30304999678e7648e7da46d7ee13d08c6f0339cfe73887addda09a7dd82902bcccc52d39ce12fc32527fe41a4431fd0e1722f693199033ddcff13d0f6

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdate.exe

Filesize
163KB

MD5
76ce7131a5052c8fb20668722a55a514

SHA1
61d37e91fa4425481eed5f96d77a131f2c3fe3e3

SHA256
4b725ae3dcf656e3d17487f0cac0e971b80ca53c70adea08d124f41c51343953

SHA512
cfa4c587be7b86d54375e6f79444b091d68395bb186a60ccdebb53aa5ce438a658b6bbace23d56ba8b5feca7664e6696dba5ce4db0e32a2868772b672aceb21b

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
64ba1ddcccd9925b69980f56db223829

SHA1
76889e13eabf03a85cc2eb62fc91e8a3bad33c6a

SHA256
1591e8690f42f1a4caaef1a23d6c629111b190c6fb32a7ab96153a5be0b7fd90

SHA512
a59e4faf10e5f9677c7655c7a8968fe63fa7019f60a60b2f82509c137e10b67e0ec276a2dbb65fa12f5d25d988e064181a1427766df2b765c0164f63d3ee5d14

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
154KB

MD5
09fd17623cbc963534b16d44d7cc4d04

SHA1
8c527f4153027d620d3b594e9971e3662a240abd

SHA256
fe31c44b0aba2611d4735ff20764005e45b61647b51742e95bc04d4d5ab0fe1f

SHA512
0acc29ec6b5dcf9141dabff701b4e75e9628fdf9b0c78ade4c7537e2281e793dee3f0350e8b262fca5af241866c586716d183d74f41b079f42ea120be8847d5b

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
c3cc0acd27bfba66e28b397db517d0ee

SHA1
fedc1caa3b5cd7b02733b4d0b0ca7b740c6533c7

SHA256
b838ae7dad750d45b9987576615871092080694385976802d2d616e3ecb6fb22

SHA512
f813b093a8c1090ddb7892e4320b77009f730578223cc1062e8011bdd8e75cea13fca16df2b5aa662d58c7102b657ef5a28080ceff7680a8ad8a2b34e96f69c7

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdate.dll

Filesize
1.0MB

MD5
a3388ec02b9f1a36394bbf6903f738de

SHA1
bb3c86c247dd837aa394176a42cc0e294bad9742

SHA256
d32b79b41fc5fa3af388a662df63371b0abeb47ecd60f38c88a54770bae353e1

SHA512
4a46fa767a09836d99bbb8bc1df9427ef92f28ae40473a73f7ee41505000da597d6f0f126eb1ee35347ac14a2294f226fe8ece027ae6c31379d8adee2b48b79f

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_am.dll

Filesize
42KB

MD5
d53668170c1b592826bb76a266565822

SHA1
1de3030f367a3bf82ca7465b57d28059b8086a6c

SHA256
223ef43666388a14c2409abe5b958bd0ce2a230352c0a26a30ff7c03d46214cb

SHA512
5217d768552a74ae5fabfaa732eee1c34575fd72df94855cd974216bc538e34288e7c6facc4fcd67fcab508244a76efacc1753846a09eccf11d95f572cfe3472

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
7205edf6c8d13f049844db41d79b65d7

SHA1
16a93afac42b1e1228d7c1309f662f8f6723becb

SHA256
11f53ee77b88a9445b703c91feb19c67507e3f016e54f393b75b1f387f73f71d

SHA512
4877f9b5634f30ff15535288a9ef890b8a5a2629264c6565d609865be2e01fe8594e434fc911961ebbaf02b433f85ab6f3f4af1d8ac108213cf4ef631d0071c2

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
4486fe10cb0506393d3f1e3c19328902

SHA1
ac2a8e9e7cb82b027f8cc842e6aae239c1bf1110

SHA256
f55fbece6eb8c4cfdf0550ad8dfa1a010be36a6a1e27d9ecc405e1bc8f3cc4fc

SHA512
73a26e6e8b784fb4ad8de68e581b5f329904ab49ab231065eb8027966b55367626a103e9469991d88ae6244e6a7e2940febb4ac72b76cde6e73dc35244f3fe7c

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
dc497eed5174685cb56873c3aa3f0b4d

SHA1
ded96239a5b79ae58a8393381f9f4adde9edc2ac

SHA256
48963b422a21a2a8a0a641bdb82136028624d3ba083db94e40954e700140445f

SHA512
67c2286e2740e39e4124bd270f7a28b1f8d0cd07891d7fbdff3fa93bc2242eeddab460dcaa0623c0ace2fbaac6b5488563b2c9b054022ad22ce549e28c9adceb

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
ce1ae3c060ff3b5dab32cb4d5f9070b0

SHA1
2439f8dda1d235dab78b838ac6a91bae660f501d

SHA256
368973b095db00694240ab8a662413d05748dfba639abae0d13cffafb7d25ab5

SHA512
9432ca99bfbd465432ab095f5bbaf50b34325ceb69ff26ac21edc92fb106404a972d26edef9969dc56053281ce80d54219592a12e933ed8da9c9ae8357c17732

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
9a6483b051491b769702f92eb0034b72

SHA1
1be7834629f9df9f918c9ee03a54d23bc8aea582

SHA256
0f0c252cc98157eab8323c1503a29081a8e5e92a7ff657c8c90c157a4fd98e65

SHA512
36311e0b717d69eef02accac27218ab905a8b7c6596ba84275d67fe59acd0b0593021798beab6a9ab59845768fc1134a39ac0d3134be3031756e2311fe58db7c

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_da.dll

Filesize
43KB

MD5
247b46adad45714a355a8212101df40b

SHA1
fbb1eddda0e784a23fe6c129aad52c6980dff0a5

SHA256
69179afa072576e029ca49eada746ae985d1d6175c977418ea965cd55f43887d

SHA512
b4189aeb1ce354d18af5389647818f2027aab292bb1be176076de8c76b53f1e9bed47e08d01cbc2cc705e84c3bbc9450ad72198b98d2c205eb9933d9b53981b7

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_de.dll

Filesize
45KB

MD5
f94bf06017cecd3ff5a110a20c4c6120

SHA1
56be1f4747e27b0d579b26d1572522ba978840ad

SHA256
1b59b6c79baf10d292ba9a191fa42c487474c7732da6b811a4d3263fc0a04234

SHA512
c2fe5fd48c27910916e7f4c971ed46bb365a76480431f3eefb872564927c1861d5584b1c8da560a035c759ebbe1d3d56314c2e7c23f738213884c1a757c8b5ad

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_el.dll

Filesize
44KB

MD5
ea3aca15226523a197ffa447a9dd18ea

SHA1
eb3cc9d0dd28802d3359b52dad0c06da3bcb70e2

SHA256
09115664c5ed1e3bc2c33f269647b71ca39543d68831c3c9f13c8ed2e956e303

SHA512
1684cb048bcf28e11948e45764b3d4f265c59e21f4d839c52f8210092894a18ee1888aca24312eb6ace30a7174496e6492c09d12ed5b450eda61571471609790

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
e347326ada9e1c6c6ab13f044d91250d

SHA1
e6af917d26b1e3e972df4ddb73299d824d264ae7

SHA256
bad073ffa13f94b1835a26b53e7a25ba82f699043cff6e903dd2c6cc6cc0c24c

SHA512
88dbbe2eda2dade981a290e009075ba2504aecdb1c2fa5379af1d21306e755140fd4a30bf3eb21257b0309e59a93b5eb0aa084994ed7db9e8e8ba6e5842afe9c

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_en.dll

Filesize
42KB

MD5
f2f4c858b723deedac66ce2735b269e2

SHA1
954c6df013e6fe4050ecb6e6ad9818fbadfc3a98

SHA256
a250affdf75be2bd57cd635305192e105d487ad9bbb35253485dcad7d00134f5

SHA512
97275b9c564bfc0caac3bd433b419cb85da6d0cd36ade15beb9ee2a30644c2db03aec3221ca4dbb6743f6a65ac8a5219c570fce01646abff1885783991af7746

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
14ce80480600a397ec5a49151d3b2ec5

SHA1
6fa520292ee2137e4e2a717f572bf28b8de471b3

SHA256
51096d6581b29ce93d0c4a278ced65947e1d4c7252895b352fe46529bc2112a1

SHA512
c02cc66185727cd6bb3b467a05febd6ecbb9974d7cb604940175435e068d39493dfb0169fecc1a041f6b697d81b836fe8ac00fc480fdc762fa567d81be4b0e99

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_es.dll

Filesize
45KB

MD5
ffb20fe72565de211aa1ebf66d820218

SHA1
7b3635f04239cc6e84b7a5e747b56d86b3b3c62e

SHA256
283ee4588e6311e9cd30f267ffe5cf09f544d426c82fc2194b8c5a9e016941d8

SHA512
0c9ab6e0ff6ab869b7e41f2b6311676321f8bebf19958e215e73bc21d61ded6d02980d383f72916a77d8b7b147c5e2100bba6ffbf61d9a64ea71c5be4aa9d668

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_et.dll

Filesize
42KB

MD5
354df2bbb184678381b8cbbb879c2e11

SHA1
24ff07105e2569524b26d6535ccc264ec8bbd025

SHA256
aad60540d4baa603deff6a5737e1d69509b0e83480686d068cb004b019634827

SHA512
603f94cd8aa784e65c8fc0297f6c98d80bc00afedbd86137b1f21b30eb83e3d62d1da73406f3f164a0b8251efe87051492d06f67c1dfbd8f1a4df49c13960958

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
5d694ebf355b1c7ab400857c41254e49

SHA1
39c72afd88ea0ddc3e4b26cac6db92dc66eb2ae2

SHA256
4fcfffbe2505fb43a6c7678ff1634416ff85ec8018164956a03637bc7451f02c

SHA512
5dd7673e54b0883d1afa2c84ebf2dc5132268af30315ac2897042bb906cd4cde6031152f3422d35c3b63fa9e7c271c5618d40429f79f65edcb9b0d40782ea7ed

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
80e38af7ff5267fc39d5cdb418920a23

SHA1
afe1803e14507609a15e57c9f851fc873fd0a1ce

SHA256
8e462384a52721263dd495504e21a6d4217c2ef93564dd3365bfc9029ca17463

SHA512
768bd2c0f45492d427058bfe2da1a6a6c06ad9fe65baf221a90d95cd66827356528895338091b43cbbf174b9d62f1632961e31ce5497dcfbbd0db1a107a1d8e8

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
d3254c652b2c1ccf5f1049a62e7fb481

SHA1
17d5bb860d28aff9d20dd7549233c73a974331b3

SHA256
9102d9afd67921976b3eb475c49586850ac1fc9bf43264d6f3e533e3753a1012

SHA512
aee716979be155302f93e624b0684e19f359e6fddc89dd35eb9e695b854032776c541347e1051724f2b1f638f2959e4e9c374a078f45f26099ce83b420fdbd01

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
e323c490e77b68e30df3e58bc0010d66

SHA1
5289006e067c24a99474a306aba50583a3539efd

SHA256
d18a6e95c0ca6fee2b41f5f412842ed8d0922d85da55380c8368c4a6ab933a70

SHA512
1d4f8df255bec95732263d17b0bf63fa42e6f998094dfac7f5684fa959eef8ba729aa6cf6f4b7ed7451871e264c8275c8c7d5b6b920f23b1e36f3ecf815b6595

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
d8013f1e5949ff226a9ec96e01975ccc

SHA1
9600d5a0b9963c894efd1a5633121e13f78defe9

SHA256
4c65d9e440d25d49906b4ec17c678d5ed69e5d2e25cdf6450987eaf3527bf367

SHA512
c228b2e89c3463af9b536617711fc4c554a6e10ac18e99f419e7f7d37933b5423e58df69a9c7af4615b85843760a8f559790baed574dc4be38efc3d976dd883f

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
81c24f3c059ad61358b2f9b662b90ebb

SHA1
63391db8f16594d1550b6d41ca9a9b9bd625eb6f

SHA256
755f6cbf22281bdb5b2510ffa729fb744dd9294025a5dbdbf37380ef9ee691ea

SHA512
98652d6e02552fa07bf2ec6560586f68ac96bc73325db0254d3cc87966caa31ae0d308690c11cfcbbde9c2f6627be8caf29de166af11e7cda066f75176bda7d7

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
042fa693fac9d64fd5cd895af8ed7f68

SHA1
79e2544b740b6aaf424093b1040000c930d6d304

SHA256
5918c1813c48ba16b4a7e8230325ad70f4e78c8fa7acc4358530321c3ff24aa2

SHA512
f388d6f7edd7a69b00633870ae1582b335b7b43f94098ab2909c2bdcdca43e21bfac287d955954c9e31492ddc2688c0e5b9a2cff184919ad011cbde08eeb60a2

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
e78ecc6f92874278cc129d999efed327

SHA1
fb5ac5fed677cdeca12216783fa1789ec74c8238

SHA256
68134c6e7308d56b6d62bc7e5054b5c29a941b23c08e78d6af908868edb58707

SHA512
d02460f6e01753f782becea14880bbb8fbdd06e0b5b14321d02893441f07db3e2b001a26889ace80bd5962e7d21ef8abc4c0c2b1e418a079cf07f3c30ee81c54

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_id.dll

Filesize
42KB

MD5
516e1ffcc06b1975d9c08d6c09c62d77

SHA1
37c5a9881190a573b75c2cc50938a2aee2c09d7a

SHA256
50a563d3d8d2aebd9e5d847acf5228cd429b1f34e087e4c4b64632cfda2484ce

SHA512
4b4de00be9577205a4535593880d92b768d1963f8954b386c9d7d5b2984a0b0a62055aee09fe7ffd3df2b683dec24d5e654a2f2c8d24314bc57adb557336da3f

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_is.dll

Filesize
42KB

MD5
a7abd5fb081212f86b17eb42fb1894fb

SHA1
2ec713659acf92e27105d4fbd24cd4b8e7e17151

SHA256
bd0867f124fdb5e98e20cfad6ce2217d76d66038d80c87c63195d8d9b0d57594

SHA512
f486b3a2ffa510715ff5b324af1d7ae05c722305d4a75aa96f84e9e1321b7759532cfdb33041ac5e0841a66c3d9ddef680748670a81a1503d537ced2d7ddad63

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_it.dll

Filesize
44KB

MD5
4dd66d42dbf4ef7c6e0b0cda5ea17e9f

SHA1
45523056517ebcd37ecfcf47f033dbe2a4d05b58

SHA256
d6d495a040cfca1f1ffff98c90e49f2f6c20820edeccdbd5bb4125ce371bf618

SHA512
199134f7cf14352b7f1b4a6f143dd9ef35730561b787583684f5cdbe9b3de3451abf33c24fc645cd2ea50c4ffb286edf9b4dc03f3ab7f6a6e96cb07b1dc6db9c

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
f45d4b060952219add6d2d5a0e9140fd

SHA1
183e26cb083082cb5e3c84deb649c3b4f9a973fc

SHA256
8098e0eab2e35497e09600b3570a8aabb9a053a72ec803cd7038e1fac327342f

SHA512
a102e090a95b027073d55de24c4e0819c7d78663a888d8e5aaf975fd853ac734813496580b7a4d0bdc57caa9faff48e57010b1c163f65824b245d3e4017d41d7

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
b6c7212b0e2c66420bca74f0ba17fc10

SHA1
992e31fa18b4cfd66e8041f99e2bf1bbead6ecec

SHA256
3789fb397f7462ce18447eeec1a284910fed79d34dbf31d2afa1293a0cd57712

SHA512
48db7443b1471e0515761c5798aefa9e0fdb5987da9abf7ad91f9bb01beaa37d9ee30b10357284ead2bfefa6242263d175cf8e4d8d3916b53b303b9f66901e34

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
4dd4d851b360e37b37dc16fdb8ced065

SHA1
5fe4f02f71cff6589eb4bdcf3ce0b1935cd62990

SHA256
7271e7f2136edd14019360aa87980d4b74c6532eb722afd2929c07b4ae7091af

SHA512
fd4bda9ed609d86f4869ebd8cf6c6e21f3424dc59c591ebd5be77dae71839b8382d74bd3ef91ca2125142903be14a23350b7366ad38db4eed3700765eec2d101

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
65fe80614e53a946c0d3e89bdf6762d4

SHA1
b1061e2dc2b4747d298f32a333c3c67d9f8dc825

SHA256
4e5573a069a378bc0fe75bb645e525959a24dd96df179a490d3de9a7d0d4d14f

SHA512
ec11987f28dfe0005f5920af9103cb2216ef9fe5b084b88b3f2994d13792803c1911543a008f49578978828788c1772c0faaedc65942b39373b980508ecc74c8

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
6b86bde387700c104af2001d6666ac89

SHA1
1eff2558a7015c4ee5a39f6291f4c9fead577015

SHA256
4e7de6c273804462217d23712622d9f10a68289698baedb7b857d3e7d0136c91

SHA512
93cf3528b1d63fff76a219b460c3acff19de6909a07bc5b400318669c7109231cba18365735f4d7ccc2a1b16c8f18f2996bf737c16f5f7ba69e0c7e248552232

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
a62e3d261005efff9ff678ec7182bb2b

SHA1
57d4d7183aec5a0675ada3358b2f7f28a944fa1f

SHA256
3183cef2280375c6afd4a995af3b1a1cb0cea110b5c3237eb9d06e05c17401bb

SHA512
89814da8f952f21f293da03405498095c169e9d88d8d4f965e0d0f79f02188419194c6ff6146bbb1510619d0e9ad2b672c72e87017f9649778583f533258e3d7

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
c59c7bf8d00ded2d9208f3c7a605a95e

SHA1
89f74df126382b84cb1d55751e8828a78a0b95a4

SHA256
5e13ae282531ee05bc33ebcb3c449eb86fe54f623eaefb9e36db39eded5d6971

SHA512
caab4edc90c7719d6c49e31509539572b9b0f9743c6d2c883f67d82bf7ecf3cfd055427358c15011574e000f88bfc76f8103d20450a73103f3ffb34452672fa6

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
296aaf84ec0327a4f9812f6e2149838e

SHA1
decbdbd2596a534776d501d265b24ee08066a58c

SHA256
0931f3b17579c53df1afc786d91c3b0af5639a895ebcaab2869e1ee659edb4ab

SHA512
7c3d1853497367cb781ea2ec3e47707006635c30c141a4643b09a43f763d033328022a502aeaeba02f24a8769251e02614cff99ed99f24608729a99dfa6af97a

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
52daa5c7b9054a522b72318401a34821

SHA1
0b15ac6cd64046312858c8c2e021fcff438faf68

SHA256
3a4680d0416b9eeea19188c13af0f3ce1e8e4a086470c35d5b4186efbef9e245

SHA512
e161508ef4f5ec385a7a3b3ee093c8fa693caa30baf9a10cf7641e1145b82258dda1c6de50fd772f989feb0092e537442179e4a5fc834d9bc5668c189f934b99

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
ff71c1ba4dd3da36f91470864b1f8f16

SHA1
f632310cf1c3033c661d68370ad54dddb83cd01f

SHA256
0d9cc7cdab6b8766646bec295273e25d9b68d2e38adb04e9f767203d22992754

SHA512
40c811d7b9097420401dcbbc628839d8144c46f95f8d5392f7cbc1828024e17a7758702dec1b77019d123e4803ee7ad68db56ca675e7725fb9a81b2da00d2935

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_no.dll

Filesize
43KB

MD5
af36ad505f24739f8f4db79461bc5560

SHA1
0c49db80a1f0eb6920a25bada7877d7c761a720f

SHA256
20f7ad0d4bc0937ccf1956ec5e51eae5c87da6ceab247fbbead44c491030828b

SHA512
4920e2c6a6d059d1f0c121d2e04254fce0d1869751c9e436e308d8684267e65488e06e08cc4e36bbcc9ab8ccf706a7be4379f87ed9dad92625abf3cf9c19b096

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
600525c56697d8f901e1367be19496f0

SHA1
3f01fece1ac674eb1c0fe61974568573fbe808db

SHA256
8175dd4b7dfa01eed6f5b1ae66a5d96b5e38147a8311b7126a8584143528b046

SHA512
ca9c8d9ec7d4bf5d8c2389d10fc776d927d78d476121dafefcd5f910195f1d56d53162379e6b42e7c3b33578f28b0c02373ad1c3b1a1a375138cbf4bc0d228f4

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_pt-BR.dll

Filesize
43KB

MD5
50d7f7d06d117e9f746bf364e39d68bf

SHA1
d71bb21fe77d1352c2d395927871378c65fd81a6

SHA256
4ae8c669b277c3b29f1c833e27c49baae779585459ffc9b0845116f1d6b1a076

SHA512
aba6065d4b58e0e3ec57f31d2e618373ec501e279ec331db222ba777426f28b581d23ae0655d92d164cbbcec088d824cab5af1edbe50ea105fd7bd8ddc7a5217

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_pt-PT.dll

Filesize
43KB

MD5
d408e01fa0f01e5335963be9ded8fbe0

SHA1
f535cf48c742f161279326999bce53393cbb64ad

SHA256
77e4c03ed218b5ca4220d3bf488f9d5be639bc8dd82729947ee584cf997270b6

SHA512
d6732de897646d2a7ce51163717261b82659ce7960bfe56b954d3dbcb59a7239034b06330565b16c6bbbea81e21dc8130929f0638de1d62fd83a3f6a33bd4af8

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ro.dll

Filesize
43KB

MD5
01ba4e61bc3f0f43ef2099afcb6d15e4

SHA1
e559c76a682eaa8149b6ad6583401cd8c1a203d4

SHA256
2429348ae3ba801b2bf6dbd92573371b560ab8f72705c9ddd7a6f5abbd1faab2

SHA512
27081136c7438ba308f3dbfa8048a4f555d344cdd1f6cb52ec86603a5c36521086d914f4359efefc12b8fd8bb1662594236b2ae3b96f1ece10914e7d280c3e15

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ru.dll

Filesize
42KB

MD5
d1435b16ff6baa6b6e43b96585c8e13a

SHA1
db848c204ebd95267a06d8f20336bffd2f6414ee

SHA256
44b6942e321a832bb9c3007a06c0afb855e1c57e041f56e94f493a47928a08b9

SHA512
a0ace2589adce6a2344fc3994977469148fdfe165a531f94736119d6cd16da569bc9ac3d2c76be7b74d9a7c6a2f1cc6b250c91c15ec76563ffbf7200fd6e76b6

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_sk.dll

Filesize
43KB

MD5
0cfd6e305e58890e48f419b9120b2a58

SHA1
d194fae7faa00de7d827be6b05f69841be5a4d02

SHA256
2b6d6cb23fa94636dda4bf6ee73318681494fccd98e3991c4dcd912b59390bb4

SHA512
bcd63fa03d9ba815defdcd38d77c693faf6159326525e1f16cc62525bcf904df335c11775317d17da9d74afc8cfaa89bd6ef2c0bc7423a51cb8c6ee23797a804

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_sl.dll

Filesize
43KB

MD5
a34c1aab0d5b96a1a1ef6ce0cbe0caa4

SHA1
96e789206b5c7a672f0d9f0d39770f6fc0c7b49e

SHA256
0a7a80cdb9d0f7561b1b23739be5b88d324eed7475973b1a73b82caa8a7f0060

SHA512
fcea28aea896285a91e439006138eb83a4fd8980b3b4b96d6009e8380a6ec07bfb7b21ab253318b3ca9d8979d28d0c6fa0acae73a4ce891e0c5680df5b28e821

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_sr.dll

Filesize
43KB

MD5
efe4bbdc9c19f7958db7c8c43d021787

SHA1
5dc6a30cd554177afccd71b327004edf774ba4ea

SHA256
0c3d6dc473aece920ebb14eecf30a801e172e081d5836a213412582cfed3fa5d

SHA512
97d8e754bd00badf7a02f4fad3e632a7a4c092a2bc6a9ae0a22073a2db7c08dba7a9e4afc2eef8b701bc1541918beb4ba3a064631de81de066939be43a51f7a6

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_sv.dll

Filesize
43KB

MD5
54f03be889801bea3b194ba5e9b24875

SHA1
e324ab4a7a9cfa06bf71e8da8702a3e163a72ab5

SHA256
41e4ef50b3502717debaa47104a9dc2c1ec63ceca1479c4d320ff90ba35480ca

SHA512
277ef36a703b8cf5ae784f9dc6f393b649a0f1f48944d8d76b215ccdd420cbef259e1886d2c8b91cb021b4c6ae79223e59c55cec22ff0d86b6b6cecc05d44225

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_sw.dll

Filesize
44KB

MD5
c216049e8c83864aa2d8bbe438de2677

SHA1
4dac9559d40da44996d024e34ee0520cb8d56ccc

SHA256
0c39d5b495e014f9dcff3b0e1a44c2c951bad2866091b5814789b111778a217f

SHA512
9d2cc3cd0180ca1698f4e182182108bb243e902bb5a308ca1480c6cc089b0cd50dd574d2df47dcb788f5704060c6b4977deee0ba3b64eaf9fd2fe9cc72bfeb75

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ta.dll

Filesize
45KB

MD5
3dab3f80150cdb21cb432bd9b0d3ba9d

SHA1
01e31067b873819576d5e4be2f8fb586b9bf5182

SHA256
f9623d1c8c252d9e885437ed7a25744501932673248af0f030b51c794d968fbd

SHA512
b61bd1f8f35d4ffeae93f7f62731499f1e491b545f7299e2f5909c223f6886611e100ae4a2451048066319b9b6aded4a93d224790c4494cdb4cd76935b4ac953

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_te.dll

Filesize
44KB

MD5
42d1261778ba72f8382489cd635b5c81

SHA1
e4848e742a8fa55cf24e98cb29d165a9eaf2bf6a

SHA256
5b443201b3c84ce839db1efd41d553da5126aef9618f929ba6b7353e9759cf26

SHA512
cda18edeb8fa73bfbfd8d8c00049a7ef99fb3f26b546e012f73cae10ab08019ad4c31212e87f44c2134afdb8692bd4b3636aac13204dcd3092bc9b13999f3cc7

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_th.dll

Filesize
42KB

MD5
5e1051b77f7f5cf15569e76731ed8c86

SHA1
650fda1b6e3e25b49018d0b8faad9d0b6e464e7d

SHA256
2120da150b918575c4ff9f96b5911d1696b5a919a0beaef2a397436b8bc5daf6

SHA512
cd185f18b52ce974c6553b297626e652f145f9ae7a338f1d76f282c2c02c1517e044415b501242fb12120ab7ec3a1977e15780ef60d0ab9d08808b372856a3f5

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_tr.dll

Filesize
43KB

MD5
4482e8000ad515065f470abad2d4a0f4

SHA1
7fc3789c518598248d21205ff8f786bde1a6b643

SHA256
4fea38ccca487dcc6cd2e6715778b22c83ed2bceb990b78c9f34f7bf756cdd37

SHA512
376ce0c40f3c162dd870f8486b80c890f7da4789ee921a87255941e1ebfd53b644695e598864d2b9ab97f006743f6ea6fca422b23c7dd0b6e58d05aa308cafd3

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_uk.dll

Filesize
43KB

MD5
7a74ef522672c24504edd5c7fa86864d

SHA1
2d0215409ec61a2debf45edf6ec6da1adaa1abbc

SHA256
f5f2944fdce5b2f689424a7a8d0054994b055326775dc4bc3949588e7b84dcff

SHA512
93d414b8069af12ebe9efbe84c6e1e3833aa3938bc3f122dad200d5b18ba9dd4503555d8efc8b96d64ecc7627b500d8e4fde708227da0ebaa5df2f1dc486fab1

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_ur.dll

Filesize
42KB

MD5
5b3ea134112b990feb77974b59c4b1b0

SHA1
f758865dd1ef0221757a5e14e4ed939a4c02bfad

SHA256
eba830621fb9513949bb83081e1e49f6d64f9083a329d71d5b46019d45b8d21c

SHA512
1fa879938edf6f38d28abb91ea8ff8011c92b8a333739a0ad3c44d079848aa4ead60b2fa58dcf247eca4af80efec355b642dcac30111a467fb16ba60c958b3da

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_vi.dll

Filesize
42KB

MD5
8ac8b29224159ef4b1b656f985f57777

SHA1
736561cf7bf906d41404db53da670c343d78a011

SHA256
5f14bfa8093abf485da1fc5d96e9824c917a72c5fb77ebf0a6512486f4d3cf8a

SHA512
fa4aa6b344277f6ceefa4c1defd31d72951729b3ed013fc3762d17848b8c217d6843c7f045b0010995e4bec8634291efb1d87f00a2ff51a08c6e45d4a802cd20

Download Submit
C:\Windows\SystemTemp\GUM78AB.tmp\goopdateres_zh-CN.dll

Filesize
37KB

MD5
0cd19bc4ccadef486340ea0975843e62

SHA1
b103bf09e8a62d890e95bca188f695da07fee55e

SHA256
0902a74479e10c2d3733b93671f83b68fd3796c66af3a7f91b115191313871da

SHA512
87be988c1f371e18d99d7c74a421cf05ab84de98b483feca45ebda6bcb79adea8665a2b291eae5699f7821cc165ce04bcbb599d8e51020eeaad48dffc7ba50da

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_10153005\manifest.json

Filesize
584B

MD5
1f1fb18e9df97a29d1bdfb8cadf2c586

SHA1
52e61ea89bcf5f6bdc1663f8f54590a972494b71

SHA256
2d8a5fa7839ee785002aab26185b679f7956c4c2d1cc006cde693d4f30390a2e

SHA512
90c6bc988cf7d00a6c8ac0be09079ac6d27bf4aaef49e265ceaed88cf236c73a740d23d5647c06065c2b2d5ef8ca68203bc9c60c00580b0ee1362db71209ae1f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_11323188\manifest.json

Filesize
76B

MD5
c08a4e8fe2334119d49ca6967c23850f

SHA1
13c566b819d8e087246c80919e938ef2828b5dc4

SHA256
5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0

SHA512
506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1153205428\manifest.json

Filesize
518B

MD5
0db9a0c1b5cfc30c3d56caf99608b180

SHA1
1cdd68786be93ec7634b2d8715fe032f42e7c75a

SHA256
485146ef28344134290030eba7bb2d1dc3802b316fbc703daab9850852cff9ca

SHA512
c61b871438e919a46abcc1647eb7feac360d553cc28f8ffe3d5f61b05a36136d1ab7b2cfedcba5d9a119e1972b1cd3af708e9040a0d386fef88fbb8dc7e42b56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1212232032\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1347676400\manifest.json

Filesize
595B

MD5
23fb36dea2d9be69006f4bd62bce9728

SHA1
537c710b4e80309598e3467a08bfbfd169f335e2

SHA256
b6950c4c00a938203e293348dab455c35c49b556025104e8f491ce0f596634a6

SHA512
c0e773ae10daeca696016ee62b8f57493d7d078f157a91a33c5d078c988abd6453ce8062aade68bd98e370fc6ec441e987aee2b0771a4e3edca0433b3f40fff7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1465789280\manifest.json

Filesize
578B

MD5
1b1fd149a63602ee052f9d27b2951c66

SHA1
adcef0d9a9fc711fec99d41dd7b60573e1d7f8da

SHA256
96b849bf54b6e7502912ec3827fc8c684b15a40c74fcc7018ede0628803a2e26

SHA512
5bd35173f385080166df108a010152029a09b1aaccef63bb6e9c08eeb91330f8b5d1c82db1454f22d03c3936333efba7d363a05881e05654174f307db711274a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1592779670\manifest.json

Filesize
558B

MD5
f2ea88c3713fadc1cb2f57ffc5f763e5

SHA1
203adbd539223c4ea2c2f0a549dd198d46bda233

SHA256
3ecf70ef4593b2d7ff9955f6f62f656b1a3957b743972f1b615c91ad8b4acd62

SHA512
32b8508cdb2b650abf06c6e1507769cca8cbaa99bc654d6ad528872aa1606bb66773142029f78353798c1ea73a4e2ade7c76582340b85206cda0a3de857dc212

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_1700738580\manifest.json

Filesize
591B

MD5
d8123cea1d7c1e87d516e838713de3ec

SHA1
ca148839bc9fa6c6ab505acdd96ce3c968960871

SHA256
0ca7add986b997d3484f209263ffa80f56763a3a9e8d6835bdb22af3fc05d4a4

SHA512
bd09f5fe536cc04c934ed4409cea5486a186cab4c789cfd080fea5ced86f01b1b0c605a6ea04fac585a0b75793ec08bcf50d06774419a53ca33b34b564a48557

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_2029715576\manifest.json

Filesize
533B

MD5
42009b4dd959e3bc13f18be4df9274fd

SHA1
587ae3aa747b57ee96f44ff231efec1cc594dc97

SHA256
c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92

SHA512
6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_411266840\manifest.json

Filesize
94B

MD5
4e5c3754343982cf7a57d836e2e8d672

SHA1
aaaaa6e6f3151066221b5787187b7112b1aa511e

SHA256
e817e9bdb41478e7127f00d125a0dafb32fdf4bfae5e1752549aded13ce74d87

SHA512
a1e8ae728cc9257677bb1f4f1f536a2ad8beaa69f2bb42093475710ca517a32c62aed58cdef142cd2d968af89fcb0ee5b225993df93a1528d9569cd4e61aebd7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_544600491\manifest.json

Filesize
108B

MD5
38c0df9de441bb37256b1ced626a6abb

SHA1
4d0741e4acf4fd2cd7c452573511c23ffb114a2d

SHA256
c0c63e7f0dfda264e515bc36809c36484ef50a31926974a6085577bd25e3b9cc

SHA512
ddcffddaf19d546d6dc78fae94a1a9ff0418bfba98cb9302be115e87cf527697218dd07be63a76d67b225f591550fe0a8761ae3aa6c6da389e7f75e66d13076d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_592280361\manifest.json

Filesize
564B

MD5
b2a19aa845bc89bd0970c1a1cd2c4dd5

SHA1
487b6b6f909f9de24852d791ab23ae206070db6a

SHA256
10b088025febd5fa580164d49bcfb4e10f23e75a4a390d4456d588b71c8a0967

SHA512
5fc288a500681cdd8a3d75df4129cec439aa1bf29733be8b216115bb308abba980f81a5e5c6e2f7111ac2652f95ee54aefe90bf479eecefed90d6d99a034f622

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_763364540\manifest.json

Filesize
562B

MD5
2a7c613051a4897aa23e6dcfc7b33511

SHA1
9e8081311b9b05847f09f7d6f88611ec66f75439

SHA256
b95226014c7339f66cd6eee7605a9b4b3716b5226e2db240f009b8240a236edd

SHA512
523281fd38f32572e365144c77a55e2f9047d8ea59bbbf7e26d87ce351dbac6c79ef59574effcf415164bf70a336e78e1fd6f7900858a43821e5a7bbcb64d096

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_895606487\5a945f55-ef56-48b3-8071-d9de88c069fb.png

Filesize
61KB

MD5
3afec99c70bb5c5a20981d6d70093f3c

SHA1
c231db6fdcba0de323009e286f079d254ed793f1

SHA256
b6db8d1fda088c61134eb97fba345a9981bafa28a103e24fdd87167e34a859cd

SHA512
bf1495264dafa0d1a724c6cbbae2f63020ccc6cea00849419a6295d791a93590be9c0d316a1254923fc252858e5f46a016a9721d315c8fb904364782d2d895b1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5360_895606487\manifest.json

Filesize
546B

MD5
0d9704cf9e13ecf39bbfe590be51bde9

SHA1
d44e0144ff819c6c92becdaccc711c3043cbfd84

SHA256
fd0ce14bf37c62099eaeafb6cc54bed273314e5557103cb9131ecc504429b0e8

SHA512
b8932a9b4cff574ba5b62dde5e8c5746fdc6a974a974f3c98f5cbbc7ca4bcf632ed9f5b8c9cbb9b4a2f26eba1bfdc7f5efd81e6a225a7eba9e4cfbb4000f816c

Download Submit