cc00f4cf49623023e6a13a500fda644a1d39703677b2abe0b73b4ccdf7e87c93

Analysis

max time kernel
149s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02/01/2025, 18:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Chloride Tweaks Ultimate 2.0.0/5 Other/Installers/BraveBrowserSetup-BRV010.exe
Size

1.2MB
MD5

686328fa484a6ccd03786051a3f11ab2
SHA1

dd5b792db91938542add3dec55fd178e0055db01
SHA256

521cde826cf008839ef644148d1debcd85f416c9a5a6ab09dc2bd29cdf24be22
SHA512

1d080d87aca3e916f498a733eb795a10cde92e5dd5b95684954498bb7882f8d183ab3d8ff288b42e5eef3db10a59d945b483950ef27ff5dfd8a9f1cad306b509
SSDEEP

24576:0mar/04vlA7ENc55qBRwxrQTiEAJZe+zU9finc2NIk1VfD3VjS9F:gr//lA7EKXqBqrQNIe+zU9fQ5BFEF

Score

6^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.104\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1798060429-1844192857-3165087720-1000\Control Panel\International\Geo\Nation	BraveUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1798060429-1844192857-3165087720-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1798060429-1844192857-3165087720-1000\Control Panel\International\Geo\Nation	brave.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1798060429-1844192857-3165087720-1000\Control Panel\International\Geo\Nation	brave.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ta.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\es-419.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\hr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\zh-TW.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\brave.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sk.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_nl.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_tr.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\et.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\sk\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\sw\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\zh_TW\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_is.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pt-BR.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\id\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_id.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\da.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\ta.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\bn\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\fr\messages.json	setup.exe
File opened for modification	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\4008_13380316156627039.pma	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_en.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\he.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\ro.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\cs\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\el\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\pl\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\tr\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\vulkan-1.dll	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_it.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\sr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\vi\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\mr.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ml.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\cs.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\sl\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\chrome_proxy.exe	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_el.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\BraveVpnWireguardService\wireguard.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\de.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\en_US\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\lt\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ml\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\th\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_zh-TW.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\bg.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateCore.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\te\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\chrome_elf.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\am\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psmachine_arm64.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\ms.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\de\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_cs.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ar.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\dxcompiler.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\Locales\tr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\fa\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandlerArm64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\4ea92b89-9bc6-4240-849d-2f90dd171cf8.tmp	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\es_419\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source4008_1714990703\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\pt_BR\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psuser_arm64.dll	BraveUpdate.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_429297729\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_74722059\nabil-george.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-nn.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-mr.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-ml.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\BraveCrashHandler.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sk.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_74722059\StudentNTP_Luke-Berrigan_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_74722059\StudentNTP_Sam-Richter_x0825_WINNER.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1196878555\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_en.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sw.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-be.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_es-419.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_632902338\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_401294901\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_iw.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_3408_146970961\khaoiebndkojlmppeemjhbpbandiljpe_67_win_kfegpqlp6gezs4ree2ol2br2ym.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1260733499\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1307766921\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-nb.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_zh-CN.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_74722059\StudentNTP_Alyssa-Skala_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_74722059\spencer-moore-4.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-or.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_948135468\1\Greaselion.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_948135468\1\scripts\brave_rewards\publisher\reddit\redditBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sr.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_632902338\4974ec00-5d87-49fa-9491-da3d3c9fa924.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_3408_912289668\extension_1_0_1017.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_948135468\1\https-upgrade-exceptions-list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_257979578\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-en-us.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_401294901\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\psuser_arm64.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_de.dll	BraveBrowserSetup-BRV010.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-nl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-kn.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\psmachine.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_da.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-la.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_822355945\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_429297729\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-it.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-ga.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1464335023\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\psuser.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_no.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_632902338\photo.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_948135468\1\scripts\brave_rewards\publisher\twitch\twitchAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1196878555\metadata.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1683212672\ct_config.pb	brave.exe
File opened for modification	C:\Windows\SystemTemp\GUT7B6C.tmp	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\psuser_64.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_948135468\1\scripts\brave_rewards\publisher\reddit\redditAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_948135468\1\request-otr.json	brave.exe
File created	C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ms.dll	BraveBrowserSetup-BRV010.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_948135468\manifest.json	brave.exe

Executes dropped EXE 50 IoCs

pid	Process
2172	BraveUpdate.exe
4568	BraveUpdate.exe
4156	BraveUpdate.exe
3584	BraveUpdateComRegisterShell64.exe
388	BraveUpdateComRegisterShell64.exe
2284	BraveUpdateComRegisterShell64.exe
1020	BraveUpdate.exe
4092	BraveUpdate.exe
4532	BraveUpdate.exe
3896	brave_installer-x64.exe
4008	setup.exe
3100	setup.exe
2164	setup.exe
4400	setup.exe
3312	BraveUpdate.exe
2276	BraveUpdateOnDemand.exe
3156	BraveUpdate.exe
3408	brave.exe
4840	brave.exe
2556	brave.exe
228	brave.exe
3592	elevation_service.exe
1248	brave.exe
2412	brave.exe
3156	brave.exe
1224	brave.exe
4524	brave.exe
4816	brave.exe
3184	brave.exe
5348	brave.exe
5592	brave.exe
5608	brave.exe
5620	brave.exe
5744	chrmstp.exe
6020	chrmstp.exe
6072	chrmstp.exe
6108	chrmstp.exe
3612	brave.exe
5188	brave.exe
4524	brave.exe
5448	brave.exe
824	brave.exe
4740	brave.exe
5884	brave.exe
2368	brave.exe
5476	brave.exe
6028	brave.exe
3080	brave.exe
5256	brave.exe
5932	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
2172	BraveUpdate.exe
4568	BraveUpdate.exe
4156	BraveUpdate.exe
3584	BraveUpdateComRegisterShell64.exe
4156	BraveUpdate.exe
388	BraveUpdateComRegisterShell64.exe
4156	BraveUpdate.exe
2284	BraveUpdateComRegisterShell64.exe
4156	BraveUpdate.exe
1020	BraveUpdate.exe
4092	BraveUpdate.exe
4532	BraveUpdate.exe
4532	BraveUpdate.exe
4092	BraveUpdate.exe
3312	BraveUpdate.exe
3156	BraveUpdate.exe
3156	BraveUpdate.exe
3408	brave.exe
4840	brave.exe
3408	brave.exe
2556	brave.exe
2556	brave.exe
228	brave.exe
2556	brave.exe
2556	brave.exe
2556	brave.exe
228	brave.exe
1248	brave.exe
1248	brave.exe
2556	brave.exe
2556	brave.exe
2556	brave.exe
2412	brave.exe
2412	brave.exe
3156	brave.exe
3156	brave.exe
1224	brave.exe
1224	brave.exe
4524	brave.exe
4524	brave.exe
4816	brave.exe
4816	brave.exe
3184	brave.exe
3184	brave.exe
5348	brave.exe
5592	brave.exe
5608	brave.exe
5592	brave.exe
5620	brave.exe
5608	brave.exe
5620	brave.exe
5348	brave.exe
3612	brave.exe
3612	brave.exe
5188	brave.exe
5188	brave.exe
4524	brave.exe
4524	brave.exe
5448	brave.exe
5448	brave.exe
824	brave.exe
824	brave.exe
4740	brave.exe
4740	brave.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV010.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1020	BraveUpdate.exe
3312	BraveUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803161833603549"	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ = "IGoogleUpdate3WebSecurity"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\1.0\0\win64\ = "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.104\\elevation_service.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\ProgID\ = "BraveSoftwareUpdate.CredentialDialogMachine.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassSvc.1.0\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods\ = "4"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods\ = "10"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\ = "IGoogleUpdateCore"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32\ = "{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\BraveFile	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ = "ICurrentState"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachine\CLSID\ = "{00B16F95-319A-4F01-AC81-CE69B8F4E387}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\Elevation	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\NumMethods\ = "24"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CLSID\ = "{08F15E98-0442-45D3-82F1-F67495CC51EB}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ = "IBrowserHttpRequest2"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32\ = "{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E26A731-9822-4522-A4BB-D8EAB8B3482A}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\BravePDF\Application	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ = "IPolicyStatus2"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\BraveUpdateBroker.exe\""	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32\ThreadingModel = "Both"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{66CE3D6C-0B35-4F78-AC77-39728A75CB75}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\CurVer\ = "BraveSoftwareUpdate.Update3COMClassService.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32\ = "{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass.1	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DB7BD5-BD0B-4886-9705-174203FE0ADA}\ProxyStubClsid32\ = "{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32\ = "{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E26A731-9822-4522-A4BB-D8EAB8B3482A}	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E26A731-9822-4522-A4BB-D8EAB8B3482A}\InprocHandler32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods\ = "4"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\ProgID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\ = "Google Update Broker Class Factory"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32\ = "{4508DF8F-DB3A-46A2-9847-0D9C2616BA48}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\ProgID\ = "BraveSoftwareUpdate.OnDemandCOMClassSvc.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods\ = "17"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods\ = "12"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598BBE98-5919-4392-B62A-50D7115F10A3}\LocalServer32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
4092	BraveUpdate.exe
4092	BraveUpdate.exe
3312	BraveUpdate.exe
3312	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
2172	BraveUpdate.exe
3408	brave.exe
3408	brave.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3408	brave.exe
3408	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2172	BraveUpdate.exe
Token: SeDebugPrivilege	2172	BraveUpdate.exe
Token: SeDebugPrivilege	2172	BraveUpdate.exe
Token: SeDebugPrivilege	2172	BraveUpdate.exe
Token: 33	3896	brave_installer-x64.exe
Token: SeIncBasePriorityPrivilege	3896	brave_installer-x64.exe
Token: SeDebugPrivilege	4092	BraveUpdate.exe
Token: SeDebugPrivilege	3312	BraveUpdate.exe
Token: SeDebugPrivilege	2172	BraveUpdate.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe
Token: SeCreatePagefilePrivilege	3408	brave.exe
Token: SeShutdownPrivilege	3408	brave.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3408	brave.exe
3408	brave.exe
3408	brave.exe
6072	chrmstp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 2172	4164	BraveBrowserSetup-BRV010.exe	83
PID 4164 wrote to memory of 2172	4164	BraveBrowserSetup-BRV010.exe	83
PID 4164 wrote to memory of 2172	4164	BraveBrowserSetup-BRV010.exe	83
PID 2172 wrote to memory of 4568	2172	BraveUpdate.exe	84
PID 2172 wrote to memory of 4568	2172	BraveUpdate.exe	84
PID 2172 wrote to memory of 4568	2172	BraveUpdate.exe	84
PID 2172 wrote to memory of 4156	2172	BraveUpdate.exe	85
PID 2172 wrote to memory of 4156	2172	BraveUpdate.exe	85
PID 2172 wrote to memory of 4156	2172	BraveUpdate.exe	85
PID 4156 wrote to memory of 3584	4156	BraveUpdate.exe	86
PID 4156 wrote to memory of 3584	4156	BraveUpdate.exe	86
PID 4156 wrote to memory of 388	4156	BraveUpdate.exe	87
PID 4156 wrote to memory of 388	4156	BraveUpdate.exe	87
PID 4156 wrote to memory of 2284	4156	BraveUpdate.exe	88
PID 4156 wrote to memory of 2284	4156	BraveUpdate.exe	88
PID 2172 wrote to memory of 1020	2172	BraveUpdate.exe	89
PID 2172 wrote to memory of 1020	2172	BraveUpdate.exe	89
PID 2172 wrote to memory of 1020	2172	BraveUpdate.exe	89
PID 2172 wrote to memory of 4092	2172	BraveUpdate.exe	90
PID 2172 wrote to memory of 4092	2172	BraveUpdate.exe	90
PID 2172 wrote to memory of 4092	2172	BraveUpdate.exe	90
PID 4532 wrote to memory of 3896	4532	BraveUpdate.exe	100
PID 4532 wrote to memory of 3896	4532	BraveUpdate.exe	100
PID 3896 wrote to memory of 4008	3896	brave_installer-x64.exe	101
PID 3896 wrote to memory of 4008	3896	brave_installer-x64.exe	101
PID 4008 wrote to memory of 3100	4008	setup.exe	102
PID 4008 wrote to memory of 3100	4008	setup.exe	102
PID 4008 wrote to memory of 2164	4008	setup.exe	103
PID 4008 wrote to memory of 2164	4008	setup.exe	103
PID 2164 wrote to memory of 4400	2164	setup.exe	104
PID 2164 wrote to memory of 4400	2164	setup.exe	104
PID 4532 wrote to memory of 3312	4532	BraveUpdate.exe	108
PID 4532 wrote to memory of 3312	4532	BraveUpdate.exe	108
PID 4532 wrote to memory of 3312	4532	BraveUpdate.exe	108
PID 2276 wrote to memory of 3156	2276	BraveUpdateOnDemand.exe	110
PID 2276 wrote to memory of 3156	2276	BraveUpdateOnDemand.exe	110
PID 2276 wrote to memory of 3156	2276	BraveUpdateOnDemand.exe	110
PID 3156 wrote to memory of 3408	3156	BraveUpdate.exe	111
PID 3156 wrote to memory of 3408	3156	BraveUpdate.exe	111
PID 3408 wrote to memory of 4840	3408	brave.exe	112
PID 3408 wrote to memory of 4840	3408	brave.exe	112
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113
PID 3408 wrote to memory of 2556	3408	brave.exe	113

C:\Users\Admin\AppData\Local\Temp\Chloride Tweaks Ultimate 2.0.0\5 Other\Installers\BraveBrowserSetup-BRV010.exe
"C:\Users\Admin\AppData\Local\Temp\Chloride Tweaks Ultimate 2.0.0\5 Other\Installers\BraveBrowserSetup-BRV010.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Windows\SystemTemp\GUM7B6B.tmp\BraveUpdate.exe
  C:\Windows\SystemTemp\GUM7B6B.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4568
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4156
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:3584
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:388
  - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
      "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2284
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntBQUFEQzhFNC03RTE3LTQxQjItODA3NC04NzI1NTE5REJFQTV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7QzVDREVGRkItMDRBRi00ODUzLTg1RDQtRjcwNTg5NUUxNjAzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE1MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI3OTciLz48L2FwcD48L3JlcXVlc3Q-
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1020
- - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
    "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{AAADC8E4-7E17-41B2-8074-8725519DBEA5}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4092

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\guiCC99.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\guiCC99.tmp" --brave-referral-code="BRV010"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4008
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff66d04f418,0x7ff66d04f424,0x7ff66d04f430
      4⤵
      Executes dropped EXE
      PID:3100
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\guiCC99.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2164
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{73A6A29C-9A97-4D95-892C-95B25298DAB6}\CR_0019B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff66d04f418,0x7ff66d04f424,0x7ff66d04f430
        5⤵
        Executes dropped EXE
        
        PID:4400
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntBQUFEQzhFNC03RTE3LTQxQjItODA3NC04NzI1NTE5REJFQTV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7NDQwQTQxMDgtMTNFQS00OTBELUFCNDMtREVFMUVCQUVBNTIwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMS43My4xMDQiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3JlbGVhc2Uvd2luLzEzMS4xLjczLjEwNC94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEzMDkyODY1NiIgdG90YWw9IjEzMDkyODY1NiIgZG93bmxvYWRfdGltZV9tcz0iMTE3NTAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ2OSIgZG93bmxvYWRfdGltZV9tcz0iMTI4NzUiIGRvd25sb2FkZWQ9IjEzMDkyODY1NiIgdG90YWw9IjEzMDkyODY1NiIgaW5zdGFsbF90aW1lX21zPSIyOTkwNiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3312

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Checks computer location settings
    - Checks system information in the registry
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3408
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x120,0x124,0x128,0x90,0x12c,0x7ff900851d18,0x7ff900851d24,0x7ff900851d30
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4840
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2124,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2120 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2556
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2012,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2256 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:228
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2372,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2624 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1248
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=14910735444541103401 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3468,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3496 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2412
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=14910735444541103401 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3484,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3648 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:3156
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4196,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5044 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1224
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4764,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4848 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4524
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5244,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5260 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4816
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4192,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5240 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3184
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5232,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5252 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5348
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5420,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5608 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5592
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5576,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5172 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5608
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5308,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5728 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5620
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      PID:5744
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff767e4f418,0x7ff767e4f424,0x7ff767e4f430
        5⤵
        Executes dropped EXE
        
        PID:6020
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Drops file in Windows directory
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        
        PID:6072
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff767e4f418,0x7ff767e4f424,0x7ff767e4f430
        6⤵
        Executes dropped EXE
        
        PID:6108
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5212,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5748 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3612
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4760,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5912 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5188
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5876,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5868 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4524
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5924,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4740 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5448
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5824,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5364 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:824
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5240,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5352 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4740
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3028,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5760 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5884
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6084,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6000 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2368
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=2776,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6012 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5476
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6032,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3464 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6028
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6056,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6112 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3080
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6012,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5812 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5256
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5816,i,620408958872717071,13663633213426536422,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5680 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5932

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe595809.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
5a542dedced43bf040f417afff28eeab

SHA1
e38608e6b5f38eeab6194cc80bc5c9fd58ab3f54

SHA256
c384cf50ef3bbd393ebb7b0d573bb5e73f962af01590ff2c734d5f16df995599

SHA512
bb9e9bdd48c9f86863b3b4f8baa221f559d9b9a5e1429d20e43277c38e979c0152296c8d8930f1749e1d6168e7f3b62d00306b7332c55427d5c7cf01861f3587

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe586c90.TMP

Filesize
2KB

MD5
389024e509b2d4056471841d12e43904

SHA1
ab42ae6e7a8a02d38fbc1297fc1dee03b5841302

SHA256
51a6d18f88a41955e30caf13d7409808deff0b232653558595502dd2c6d4bd17

SHA512
10923eb66ca032822104bd3808ff93bf5ee97cb23cf9feb2b5772557c059ac7519c86334ea038719539cb910b26bd5bd17c93221b4d0dd879e62b516f2170f8d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\b394a74d-ca4c-4c72-8fc9-34fc9c71a2e2.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
81a029b0cd300a47ef683730736ef3c2

SHA1
a4fdbe1ec71856728b71dd2490db1b0093b1ebdc

SHA256
84bdb72e92e41b46e0a2f926475e8fb894d036d08681b9046fc3db5d70ff4a00

SHA512
357577ed709c728ced2ac6ffa892df3893d3ecb692f3c858568c82f88c0ebe723e859a5c54530ff81b2d121e1e6a9f8ef2fa2f9b52414ff76355eda567b873b7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
f9cfb7406e673322d98d303f4c30a885

SHA1
392f39898241a8791cfd87c1a483381c30caab32

SHA256
18671a20a0fffdf9670b5c00f722fdd2e2ee40b40168c68ec2669e733274e120

SHA512
86cf6db15520521071abbafe9e10b4d888316c854719bdfe6b8593827b81ab91ffa83c702445c60cd75941bf363f372f1a988cee6862ca418100d38285e975b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
50KB

MD5
fecc8b8275f25fa98c3c2e8dc55f2315

SHA1
9d624704122f0ee12140a0ed7a00d22ab89e94d2

SHA256
926301589ef356c447ab3941138375ff90f1b744fd228ca0644ba7b907902023

SHA512
2373904a64661a965b56319f9346b6287c8fdea9201033e76999be2e863ffa73c1e326305ad69ebac179bc36b9e72d1c0a5d95da6f1bb1fc56676cd1711b9232

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
713c7f2731241667e1705be88a8d90cc

SHA1
6f6f56b99c58d78ce19c8f9d3ee9579f71cd531b

SHA256
9fb0530e2722c36ec7d169c1f2777ec423a30b845e0ef1ee340a42db633e47b9

SHA512
01005cc48d2b0115e9068f1227a4b4bc8222a7eab97023cf057dcf41fb1b5c0cc00b5e1c903432d6cdc7d2d9d565560306400b2fff15c28619fc15df2edffe24

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
58KB

MD5
747cca1e8085715d9cce8c1260798245

SHA1
de4d4a8ba84415f8ed07ba10fe1a7cbb8d71fa13

SHA256
7f502c78b28795df23dbf515b1704af9846f4d4d0b3687990b88549662bd71ee

SHA512
bd5d8075e23aac93b4cca3c6b7246cc09a457eb20e7f65cfa125956aa202d3cba84e2d74d99dc4c55690035750092ce106d2b08cc9bdeb48b350fe2e02833cb3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
59KB

MD5
ffd68d3b458e6e6b6104810d815d8b1f

SHA1
ecd03eca0e2b1f84297434ac29806fe9123baaf6

SHA256
8b17caa534bd424eafbe7e34d5596ee26b071282c61b2317d25ea1ea277f2a65

SHA512
4d5b23c594b401f50f80f29fd958f6d35902ff1ee9d9e91f76bd62f8dbcfc53e2af3813d9c55f5f4e816e5c0e2edc79bd44d55da39e18365ffed4429b32ce718

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe584551.TMP

Filesize
6KB

MD5
f34d975ae25ebb94adff64f4ad79c53a

SHA1
7f6e613079dd01d285506962f669e510b4b9e81a

SHA256
9599e49ff8d412071c514840302d9be877bc42228a4ad3312d8ab0a647820184

SHA512
52c63459c779719b5d17fa5a81b3dd2a8dcbbf8d8eb28f9ff82e4c0c34736bb15b92e9099ddb611b7225a49881aa59bc3e2ebd6d2f71c7202054d136a8503ea2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_a9af85da93b67d89a7b91c10a60c8290b0ba74bfb9bf885932812e4aa5429063

Filesize
50KB

MD5
015550e032ed4317c16d5e2b4571e824

SHA1
ab7f101c9bee23fc2a1ece1d69d8b6766746ba6b

SHA256
a9af85da93b67d89a7b91c10a60c8290b0ba74bfb9bf885932812e4aa5429063

SHA512
fb59283e175168ae0b03c81855bc9343d2d50eab3b1e4e61c64a751e98f6854be5b56d211783a7555e18ed7036bef11dfee4fbc431ab883152e332bd0c919081

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_52ba9af915cf73a0f1b55aeec94c5f839ecce008cdf2a0031db3841357ac0c91

Filesize
71KB

MD5
458ff34d9be566f80b467f441d44b44c

SHA1
24d05b6b7c649dba4def84263e713ca6f34c0a1f

SHA256
52ba9af915cf73a0f1b55aeec94c5f839ecce008cdf2a0031db3841357ac0c91

SHA512
f5d5fd3704ff21e7886570a34d4111b22a13b22ee2e4fcbdee60a043e6345127b8ebc8e8f3827da75802c1f1702be042ab3164f25544d7fe2a5b107ca86c6a22

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_882eda92ccf19451240688a56f1c32e46ecb38033864712311d3e347d924b473

Filesize
18KB

MD5
c45cae4fb27e2b356d3f10196c478d1d

SHA1
9c7a970bfb4f24829792609685c307088f15c77d

SHA256
882eda92ccf19451240688a56f1c32e46ecb38033864712311d3e347d924b473

SHA512
576f4cd48c94bed0bf02de8b3d4c3335e158813ba2ec0a6e2ab0be2eb283e5f41cfbf4d6baea88a0ae5892f85d07479c3b6b56b0329d15cb3bd25c389489bd3b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_fe77704adc006677a6bdf5cb87e1b8a16468edd03f617e642b14f6aaedf33165

Filesize
411KB

MD5
53f5501cd95e0a8caf7664c7e0d345da

SHA1
353a401355dd6c6d4849f403b53384838371e708

SHA256
fe77704adc006677a6bdf5cb87e1b8a16468edd03f617e642b14f6aaedf33165

SHA512
0260f0e5eb2f878dca87a6ad2cedb8889c71e1c2cb87ff5b232b6b6963333df6793a1f4309aa6d4e53434296d5ba5d73a3874c69092e659f9f14cb643abc9d1b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.309d2c69220b6b14326ae4d0502fbe965d374b626b48acc5b249582b90c3f42b

Filesize
150KB

MD5
c186eb83a03b38a8558e9a0dde067dfe

SHA1
fc7d098b87c458e88369f7994b55add8f7db81a1

SHA256
309d2c69220b6b14326ae4d0502fbe965d374b626b48acc5b249582b90c3f42b

SHA512
25d9305fff9b31dde360b4ce2c1c4bed03e6000ea50e4016d9fea52285c1fcbc5d666350394e14ccf319edd08bd45c66212bbae78c2b282962178c4db5d26ac6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_7a8a03d6c0d07821f89144485b54462160fe6181b719095eb238d0aaf0c50e20

Filesize
1.6MB

MD5
c92d930dc73168fce82a3b6e38d9a2e1

SHA1
937a97c0e3a1d38fc0f9c03f5ec54b3576f3d914

SHA256
7a8a03d6c0d07821f89144485b54462160fe6181b719095eb238d0aaf0c50e20

SHA512
18e626d7cc4a0a04a462c7dfe9a714551c6ca52488ebfce12951316a9e5db44ef17799d2a24d6cf0009a51164c519a09985ee50b32c51aab91e25825014c213a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.8f2156c9c55b2854005f0ecfcdc23654d0acb1c505f2b698013e44bab994fe80

Filesize
10KB

MD5
48435969dc9cb9937f0a98dd6749a87f

SHA1
94468724e1bc8f1ea5b34072b67d1806a8c84cf5

SHA256
8f2156c9c55b2854005f0ecfcdc23654d0acb1c505f2b698013e44bab994fe80

SHA512
28b2fa4f65234bae6b2fa641311a6a70784b40905795d7f49c057c7c03177bb2faf257ccaa25c62de2b67bdc2799363d1cbfdbc7b2e6bd196d3d120c58ae7b6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_ef46bc0eb4964941eda6cef8c6a4feba90dbd8f96a88492689485b40f3b358ff

Filesize
74KB

MD5
00128ecb04200fe447cc1cdf6c6b83f9

SHA1
b4c8a71e72c0b7502f348e88180e2afc46ba33da

SHA256
ef46bc0eb4964941eda6cef8c6a4feba90dbd8f96a88492689485b40f3b358ff

SHA512
543f00597fbd8867f5c69af96f5781db3a4663290f1165a0e5320b1754a89abb70b5860e6b1d72c54eef2258bb686c0167c4666cdb658abf821a59d752bdf27a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.6c670bb5af0736183915f4f24a8c4e7fc8f68fdb134b6acbc95b91cc6ca900a6

Filesize
611KB

MD5
b475189b52b0171a25ad17ec638f8a85

SHA1
79b1311344ef8c0277b9de6e25b9a1a2946bbe69

SHA256
6c670bb5af0736183915f4f24a8c4e7fc8f68fdb134b6acbc95b91cc6ca900a6

SHA512
1f35e0e9123bf80f82ed78170bc9646ebf8926d35f7cf51d79edb5a734ad1609c0d0b52b3493ad04e59a1d3d8b1840fd36f310ed014e5d1ecff61d4470be8089

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

Filesize
17KB

MD5
a1b36d762732f9439efa78708a40dafb

SHA1
6533b78ae795077fa711c67347eabdc88b5a6c6b

SHA256
44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

SHA512
8dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_e45484ca7988eb901a555ef7d77b310be9fe94431dda4cbb3e4765ad5d751311

Filesize
1.6MB

MD5
fd3db96d1f6b8efd8cf996da76d7b25d

SHA1
5a96e0c5fc72d23dbe5dd02334100f2d1220e3c9

SHA256
e45484ca7988eb901a555ef7d77b310be9fe94431dda4cbb3e4765ad5d751311

SHA512
08f9fe15580c6f67b1e42db2be271ccf4f54b144a0fe9b358b9122c788d4b567f95c55ec000788ec1df34462515e1f4a2f2caa65acaf7c70175096f9c762d543

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.6b02896a436afdc9acd9aa818ffa6433b513f5cd8ed0ce54bb83e2d4db2ba3ab

Filesize
9KB

MD5
33bb0f5e07aa3208964b602d7a9127d3

SHA1
f75bd3baf17817914038d96280f1c446d772712d

SHA256
6b02896a436afdc9acd9aa818ffa6433b513f5cd8ed0ce54bb83e2d4db2ba3ab

SHA512
afa79592cacbdb47bcf709c53d70adffab41ec2e054738165ade664f6c6189b05807ab65a0561d77ca8525a1de402c01959ada27f18fbc8475e74d43dd16964d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

Filesize
77KB

MD5
1068b68cfdad67e39e13fb7b97adbdb6

SHA1
d3dac92d9c28b948ec33699ff69ae75a900de6cb

SHA256
e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

SHA512
da6c4d63d8d22e231d5101d93429a3ecc33c89d62b5fc969c7276816d79f8cbe45a16652507581480edb83b61f0e1c57f41e4432f6fdd67c878f38e0d4eef64d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.95fb949e1f2ed6407c041adec19da4f5b4d2f081e6c60aa5fee35c24ade856d0

Filesize
5.1MB

MD5
e6a22e336d7ede1951c40cdb9b603d95

SHA1
34bf97a10b2474fcbc1b12e4b69517fd77c7b917

SHA256
95fb949e1f2ed6407c041adec19da4f5b4d2f081e6c60aa5fee35c24ade856d0

SHA512
efa596656790c768697a8d5b5f3814f5a4ad9cd475d30a523bcc8770d2ddd8cea18143f570c591c437c4560a0f442e55981bbe027c250b06f54718adc29a1123

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
10b64dacea71473792d74f1ded5a6d06

SHA1
9038aecce40c81c586d7bbe3bb94c1b85e7c64f9

SHA256
3a8dee7b7966e7460162925f33cfba12df8ca7bba7b5cd0ecac5f0d3adfc9921

SHA512
0327c1d09e848af3757cac018262ec60575e79389e8ee2647eb24a994d17b65666bc21f04cbbf9a3475ceaaccdfb6b4fd9acb94d2808d94ee7e17896d554a31f

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
82e0ca57e9279fe9ad0be0364ee6979c

SHA1
29bb5c5fdb0482f4be4dc766c898c4a6d3d38660

SHA256
1283bc44571ecb972cd13ee85b6fe316fc814636bc5df0579109241af926d24f

SHA512
0c2c812b9afe1ceee787f41c4ee70108d9f4776aedde6284c5dbb0eec70f41cab426e08068d80f3416ad671c4d6026e79e88711f5bed6505401aec9eccfd078d

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
4e848618fc69ce6581f585de04e2fad2

SHA1
57a12dd15075cf52c49778c6f94a57af5d61f1ce

SHA256
9751ff3b6fbd3fc7f7b83c83a938c1b9ab680da6726d44be597b4c2cb99c0855

SHA512
7940151390b96d5adecaa5d29a5b04fcd903024c16b34a4a3fb2da8a3cf9656ab2b51686ab11348fc92291e2add0d81705f2ef0924365c5be925df848afa5831

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\BraveUpdate.exe

Filesize
163KB

MD5
1b6c6644c8390f254415bd2637361749

SHA1
d622e38e4946753a1139c430c5f596f27747467c

SHA256
b3395275ac0149dc30eb6d78c2500a515b6fc6306a1b2ccb4067a4cc699a93f8

SHA512
49c652f794f06681dc796b8e9515e1ab0e6854f3e6e659db89fdad95e32a02585eab384758ba9345ff5458502d34c6ec415ca87919445dc669285b460ac5f828

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
2a6e76a33d9214a43509dc1a98aab86c

SHA1
c3b5e0d5ddcc44958ecdc8a8f9b3f98d186ecad1

SHA256
109f65758b7db5da71d5a0ad9b54d52fb157b3a5595a694b4fd2c3b77a7a3e12

SHA512
5cb21a50273c6b7f6a277bbd5867c02603e8398c080fba26e101a20d68645d06ec1cfa20ebe4564d1b07ac44bc6064ad7da1ce0556a427079ffd06d4ac84b259

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
154KB

MD5
8402076cec1ffb3866b79a91f524c37c

SHA1
e7b7b177b971c88d31cd9d61ffd51f38c45e0ade

SHA256
279f4667dad4b627752ec0e06188e673d8df35feb3053693257355580bd0ca2b

SHA512
785941efbdf71ed00c90039b34e50554a55ffb68c53ed0281d265369ed867aab71cb4a76d5e65d76cf2cb48906b06bc0dcfed7ee36da40cdf27fcb88725d62bb

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
a4848a8d9fe336f75cb593c9c7ccb6ca

SHA1
3d01ddf141cfcda27ddfc2f3c146521d96ace9ae

SHA256
f6beb238ae8985ff5106a200715aeae8eab16149cae81b6c22c4a83a9593a1e5

SHA512
4e5db19a84438f6856c63bad145759ad47456490fabde2c23079e7c20dea723f3eb31867625213f350386192bd64714a2579b3da63818c66ef542862e8c36a83

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdate.dll

Filesize
1.0MB

MD5
8e9f0bba95dbd34c300b2edf9f11bb77

SHA1
8307a7b819f948aefe869be27ef7461d22c3660e

SHA256
8aa5bce0e7248bd76370c2dbbd03f7664926846f1a93c66c339d818c859ffd23

SHA512
2e7d0b11f7c6d1373b0ec2b20ad5972495c962a9af78d4a0df6e014a12400e2053a9385f252eb85df7af4237e052e5448e7e9ac54cbd0030dd9d061d83b2097c

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_am.dll

Filesize
42KB

MD5
13992ec0b96312a1d78f1cbea1f8322c

SHA1
6305e8af19f9a1d43efed5dba10fd93dbba3e8fe

SHA256
25548c37d2cf434080ecc7688700a50008f59c4bbf4608de9d583abfac20d2a1

SHA512
2965e032797f8656b7f3553346fc3f61e4a12b8adee349dd43e0bd4c69daab275cb1f3f830e12fe6471d913d8fe0b17a7132a550481a566f12edaec9ce471131

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
4c085c8429a62b27ff97b88b5fb96c66

SHA1
b0ae2a15004acf569966f326386f8b1db8e49236

SHA256
06abd8633f147dab80c5afdc05b106e8c81cf4e08e069fecd83b24cc24257199

SHA512
9ba0adc7e2f30fccafc16fb598625f9077c58cd96cc36c803793325f15841d5dd9d11d0c9d3b13bd044f8cce1ca2193031be88d3c2099457c42f7e1bd03e8d4c

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
99593884b1f7fcaa1f34c154481b487c

SHA1
9a8f066b1561e6b43fc8c034a1f37869bd4a804b

SHA256
efceb5b68690a92f5f36bd3979d2d00aa5d745c74cb9b0bbe286676947f7a7a9

SHA512
dcabeab7e470800740b990135661dd170cb82d675db6a895b64ae196efd37247c0cb27bba6a7ebc7d2b35ab295391949ad3cc5e842e2da4391f335c27459886e

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
63d011ce72af99724bba011045c1cb67

SHA1
1a3a8a388056c3e2f69e137ace31b230334cdd42

SHA256
c3cea8c03b3cd7d06882b247339d24e3524f6dbacb28f8de49f105994e3368ba

SHA512
4218ff86ea24e7c87b2366c1e07bddae0ca5c5ee45db6158d28ceebf272f91a44520ea631fae20d8d99bba15a465fd726e9dc88c3b3aec592add2e79d28f0958

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
fe3148d1e0daf150d61215f904c82317

SHA1
afd63f245798165a84703cbd98cba73956d6ff0c

SHA256
301fd5bdfaa4bbcb6d2ff3a93717f737799061856250cbe9ba058d94c145a6d5

SHA512
6080256941dcfdc0f948373a7ba43b438eb74652d1d82490f207c0f452612145cbc9358b56cc7924b317dab33e51108811cc90ac3447a1f9c4327bbd493995b5

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
e44631397ef12ea9c13ba21f518b4ba1

SHA1
1a27a74c9facae2af61594e59b4d74ec17e23b59

SHA256
e2df3e8725c1df47a5672994551753015ea31bb1923961eeb6301f620299753d

SHA512
f465905b4227f6420501977019f9dbf1752a756154d04948e628a510cc6de2e36f3404ac65b548a42c001254a840ffea17d71d236ea4fb0322b1cb6e0ce03073

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_da.dll

Filesize
43KB

MD5
e843dc0b4a44b6fbf52a5235a253c4a2

SHA1
f5e626e4cced7421d8de0fa36583afdbcb1fa035

SHA256
01b37cc49e657cefaf5f185f0d813cecf6cbf741c2dde974ef28bc2fa4e96148

SHA512
c7b020c1de730174cc4906303f4280d0ed4b51189f3e6a66dce26f6035956fdacf49edaa3a91fadfe2cf275f8628a72c3996e2f4daa1d080a87b004fd4370d2a

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_de.dll

Filesize
45KB

MD5
2e725d42129c14d21e80e1677d59b5bb

SHA1
267775bdd5db5b76a59c7f0a83e4fd1bb9fc1a72

SHA256
a32a63794c2038c6f6d6131f62cf2d28efeeedecd26a843453d27feed61e259d

SHA512
b2fd0e27bf7a712ffc0bfbf9c88c58540e9167dc727286b3d83f612d424f9999a0b66dc40c97aaee02a601e43a330d0979a075283ef241a94c51293945145e3c

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_el.dll

Filesize
44KB

MD5
261e44f0071ac15807cdb3dd54de5db1

SHA1
843b984fa582bec8ba8befade636bd9ffeadd1c6

SHA256
b977d78ce840291a0aeca537b00dff326b18f4d3e3e00aa40d1258bab3d08605

SHA512
c0bbb44ab6fbc82583896b233da926b9eb801a6cc01d17acd6c22a688b9382304aa2d3d8b6c8ee96d9e6145eabfa0a6b9c055cd0b9dc2d7a20f8e31c42d1b503

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
36a25609ac13e6050492f78cd2c9a63b

SHA1
235271fa17319822b528c3697a02dce2361cf9cc

SHA256
1c5f3c0f451a3cfb86458e6c0d8ff76618d28b5e09eb74b7d3d9b82514801edb

SHA512
32c7dc6c99e81f027b298df53e9b590b91c6f2f5965b5d1d5cacec63fd7fb2faf17c61b53d38af7b68d0c036a670d3d12860b61f539c1f6d5b51f9b27bc973fa

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_en.dll

Filesize
42KB

MD5
b2f1decf549a8eaa5c126f3d1ecede48

SHA1
d4cb7c822a2dbc07e18f9c489a7feabefed063e1

SHA256
1e4f4a3959365c047ca7e3747c7b1be21ddff497a53305a476731ff9cdd5a6df

SHA512
397bb6e8fbf57f609d9efc3fbb8a514ed9f4124c35b83bfab9947f4e9285ea687f6c3b6c63c8f44a2ec172c732372e99ac4b62b8d19b281987d5e31e577e19a9

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
2b1d81adf34590ca68bd5788667638bf

SHA1
0d38f6d929cd1cdcc87c18886b6468b4a1e1c533

SHA256
1deb7fd74b59bd5bcad42260e3e30db718a2bff0dfdfcaa70debbfb1e44af853

SHA512
812764d476113b329d16ac3f2710605f59e05ed382f8f610d94ab08b8bd6059d310e60757d7f7c9101a7b75169957b41c76bae589b4e6e6e2c07fcc418fc0d08

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_es.dll

Filesize
45KB

MD5
db13a637844caeab74f08a59bff3ee1d

SHA1
c0dfd6d76cf585c8867756dafda6880046553c73

SHA256
5a64a4b86a1d7d70055cd66c523a733c021d696af5296c2fbfd055c41dba59f4

SHA512
c6de56b7f5a25cb865aa6c08b982fb5f77090028ec33dbd1d980b922f2cc79fc7621a9752e5e4de20b06929a9d8bcaff92759a648f53036c6f97778f00aed823

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_et.dll

Filesize
42KB

MD5
6f0e9c4eff4e3cc4759caf3f734dbfc4

SHA1
88ea68ff68e31304c050b17b072f5fe2bbe731fa

SHA256
197da1d110ad91c84366c041dcc16c93c1e2915edd739981acc4c2b12e46ea5b

SHA512
8a335fc05265c4a37d1ba2b753fecad2d7061c16dc38faf1e8cc2554663fd86f979ddf7fc8cb7cdfe96eae6b0c69b5d001fb1560d6f6facecd7c56c3723138ff

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
6e9a4d80987bb8f1bdca518ee70bed38

SHA1
d51cca461af6c56395b65bc13d0ff7d8d5cc9381

SHA256
b3a8261102e14632e4712d8768f8e861d79047e4ccc7afb249a34a349fdd3a7b

SHA512
0abf456d016b6648b8b9f5b8c2f2a586483336be5a1b8160db8964b85e00121faa5f0cd69e47878e788a47de7e9340a5a953bced6349e680ff8bba397dcb0645

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
4e899447b2a63e99414501de8c8aed1f

SHA1
c940e690de5ee9aa6c6ebc9a07ff27a64c9e3de5

SHA256
d3fe08cfce264b1de5db709c7b4c5b2a55419488f2ef83b5bdc756fea5b74b20

SHA512
60e7e6bb8bdcd8238692c9a24384f756629ad976e59f1d929749ae434730c70b5f9ca23c8c081f6f1f11df3f43d15a8a9529036674cde034ddd5568e2db958c5

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
4a0a7cfa16ac0d329bb1d95c0e811504

SHA1
c18f1a9359b0773fc84f2cf067a5101f2d0bd587

SHA256
06b071d7b2902c8183a094d12c0a9456609ffc7c67d3fad3af6812531b1b43a1

SHA512
41da8cc9e523c988f8936c1af3375b3d0e962b5759001e4702a4668d9ccac4087e5952492e930a4336a2c221338e5e8dab20eb87d7d78bf3d8bd92c0727227fb

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
c656c6938e1545cb9e5336b3a596466e

SHA1
3304b34437e4fdefc7833bce0dd9b8aa2323a216

SHA256
1e79939d11e9e3ca78c22810172d873e11be75bc540c0c0240729bc6f569930f

SHA512
bd35f29cc76b9bc3cd6a5283dc587ec1fc6a3a1ee18805eafa5bdf36a09cbeb65d240b840bd01e3b5d313076680d6e5bc296995b5ba87aa30b2da69947ff36a6

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
3d116fcef0683dfedb3e3e297459f46d

SHA1
31743e46e8a00fed7be1a609d99fa2a45fb87713

SHA256
7c25954e8f176bce13333c7caf067edaf3c84688c07d0c6d1ed46b15db4d2fd1

SHA512
28c9376f3528e7745d2226cbf94c42bfb0da0ee1d75dd02b80f46f6049e8027870ef6f0adc3a58f45296ec58a5b832ee7dcc9fc0333d81df9853f0fe05e0c8bf

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
1071f1c48f39a74c08396d569ed2783f

SHA1
f00629848e7889b5ecf956218cb748e6593da348

SHA256
2dc6945da761cc1230139e6ffd01d3ef29a8c767e6b0f0fcd8894e69ed2d9192

SHA512
c42747ac18917f9e854b03680ebd3023d11e232a869c4ff9df0aaa2d6854b5b127d7a8a75638a7b1fe60af8aa7a6dd8895b345b11dbaea30cc10c29150d58c13

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
8f6a168be46fc76415dcc14d81e0b490

SHA1
d9f6c1b432f00e1d30cd18e5cd68a4d6fa45d212

SHA256
5a98f451c62afa8ec95a990b804245300829be4d5f18b742429270e6cbecf9dc

SHA512
d8dd4d602e1bb7575a377d8c837a5649348268b393bf7fdef1d664c665f25adf72e2cfa4505e6a8088c48bd0231dafccb5a65fbfe31e51bded96872fa446592f

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
d258ff0e0ad97d06e9beaced114b3a16

SHA1
b0beb13760167dfbf2f0b3b5c299593893e7e1cb

SHA256
4b7c8989b37e362750bcb4afb05fdb8b5fc82072a3f2f37a66f09ab877ce574f

SHA512
b5ed1ac6c6f6789417ffec9dbb0770bef5f3303157d4a340e9621d3e5457b66b9f597be67f7e7985a11f3e34f55edc2bf010054cb1bf4d39bd5ad28d5f277dd2

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_id.dll

Filesize
42KB

MD5
8277b50cfefee2d56f1c4b25a82da484

SHA1
df25adea340992f355aaf41a630d513915b48a08

SHA256
d423279a7ff7d55835d1d2755b166e45b83b1802b0c18911ed4d12eb2861e1b2

SHA512
0d13aec82bcc7dc11ae88bd050b6070b2db47a8e6fd6ba479a0e9610013ff7723670b2b89283240526e76290188774ff48e4a2a630e9e955ba561619a6181eda

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_is.dll

Filesize
42KB

MD5
e02ca76c24bff2c796d3488c28281ef8

SHA1
1bf097917e49751932fc790c6d5965f33129684f

SHA256
7498ec72fbf55a6f860ebec27647422f920266e3b2c68dfb87347aa8fdf07bac

SHA512
b64a76dfd33f0a3bac1f4e21300dcba518d1fe31d33c951f206f4abec629d83dcf3baaefaa74c635ab54df547192334ce413a4c010df8e045e6bda708d7817ca

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_it.dll

Filesize
44KB

MD5
85ddd70c35942a161bcf3709fd366edf

SHA1
c252245d9385940b6168af074f74a8f8dd8ae254

SHA256
d742ae851b2c8a62391dd573ab6358723b861dd532f3c94dddee6c8e9501a35f

SHA512
409102262f991ab7acf901626891daacb7b7abd03a3e9ff90c01808c1dfcfdb210ba86e9aab11f789e22d2d273fc524ae05c7213a60ed435412dc47163372ac8

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
e72c873a737fd29b0901aa5d7fbd33e6

SHA1
19483be20a57b62c94a206ddd9206bb453ae6491

SHA256
aebbbb9eb54068d6c9d86da22365102307303dfc579229d98e42f405fee1c80a

SHA512
6771980d1a069e925e3aabe61403d44a47870fef4394ce21413ac298f07147a4be71aab4dc18bc851692f9bbf682e1e8aef2c982ac9882c33e8ddc4e09beb5a8

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
4b96883bc8153f8513c18b1f232e85ea

SHA1
b249ce0647b3ec4b89b05a17129e192c46405c7b

SHA256
7f84d57eea4aaefa9df5a916e5645ac2862d981a2b4cccbb9b2fc80fb72c7836

SHA512
bab2dc8d3b9af1f1137bdb73b79ab992b7c862592bc7aabbb1764d83f171addf39b6bfd3b21936de6a59844f0c4b4c0ac2b7f3b5bd023f17700079210c371858

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
41a3a20cff6f125bb0f6bd3d12b750b4

SHA1
0a0f80cfd7bf9a3081d64d13599b40c5e4a832ed

SHA256
2f44c111626c22d8eb6ccbc4474b7ae436f56a48eff5274c774a5f705bb2a24b

SHA512
a87ab562794ad53509bcf3f70a98c879f7429d0ed13c7f71fe708a01c73177b37cc7539955f99a51de06671109afeb12f2353e8a40a7a14484ada6aea67c4e25

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
a02e26a88f5cd4b2d33f444a9aec3e76

SHA1
96e36351276ae6f4c86ac90b1ca41717bc430fcf

SHA256
ba8304df694e6e0d5159df10abc900c8abb2c8c029db59cfb6eca9d2bc0ce548

SHA512
8113dab2df7732918c0387fb26520e33b5f7384959b849c3982897249813969568f5df83a470d2e065f279cd96459e26003442a98f02c2fb2d52b5db16c5fb4f

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
a732926fe83e1f710c3619d9190de5ae

SHA1
599fcbdf208db9dea2ddbfabe0c02026ac0464be

SHA256
a07c292849dc7ad6ef407fb355ddcfe1e42c809a370eb48e64e30c05a9b06344

SHA512
902e535815719511f6c62ed6bbe3578126e398a3d184cccdb32054db6f9905a752cc5e526cee7a2a5b8be134cadb49ad123030d4b4f5340a27f8c4e5d0ab7440

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
49efe5d790f94478a4d8ba262d6e9a9a

SHA1
3c90abd3bc3790f053e9f1f267d26578c1d1f925

SHA256
34f76bcceec8002df1de2fe8f8d3f14eb8d54e8497a710af82e939f9627cac0b

SHA512
afa38f1e5c055b27742b691e022336e182e670ec99dfa6894ddc108d54f9d1f6830ac0d40953e687baf5ee8884efc64a0b4ff67f27ea090c6e5cce62c199c541

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
a7834f15a1b0a0b071883ba7f1591248

SHA1
3c17b5bef9385d08e52b4af010bafc0739d3687b

SHA256
d967ff5b49747360bf06fc22d0f6af26e39fe9f371970f254009b27280c7be31

SHA512
740efe4082fd3d8e74ad67f3355f2fb76a997acbec3289a12d435da885475b0feeffa50b742c8aa3cd18192ea5e99e3c43184e6f4442df1ee46f750532864e06

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
901c386785e49e49d287ea12bc0b56fd

SHA1
bc827463ba8b030322e0b8af8fa71ecda251fec4

SHA256
fd9d8a2b8d6948324cd189ae3f9b89708ebac8e8469bdcfa279d0ed3fc6fb277

SHA512
92a891668662d71ef26f836a8e830139d1f5c13ed701bcfaff7d73252e8952653c3a0f02078a613df75c60b38f9a4b3ce4b1ad8c7ce86f08b48b1f984626c702

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
500ba73e4e499c31d24ac5e5fded2a1a

SHA1
9ee752efde84bbc5f59dabd1f5cdf8ab968d14da

SHA256
2146abb3c2489c98f0da09041350dba768b791ff15a6487ea8fb81b33cf5af46

SHA512
34d6ea05534d4f751bb7d4ad190256c09b5be74a1d3e239975bab4fa742567914fbf5d7936f15704ab928992960f1da3b11d1cd9099ab4a8cabbe91f923ec9af

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
4a9ea61033740d78e802ed80f1623175

SHA1
a2bbddc4dc199a0f3e0541b1f5c5f0a68d425b92

SHA256
22a59185ba2c54923fefbb8a3ea62edd94d3e20235c612bd047bfc3962cd6000

SHA512
7819d86fadd2c82d859070057d6f9d73ce6c55becdc72969ae009711b7f8c4a30056ae3381be5a1e6c316e3681893e60c2ca2948f474d5e9e3d8185adc090a4f

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_no.dll

Filesize
43KB

MD5
57b6000f6124be7d385e651ab9a4fe66

SHA1
f0d16d84fdf59531ca1002d1e06fb3787c3c36d9

SHA256
02e6a7cb9b67995865f6b980f1c651ba652c40fa7fcb0f1f7d2e83de346a946e

SHA512
1352d70cb136e0e15d073d40c94001d1eabadb7c6bfb7f151eba56785e9da00cc3df44f01f9653127da6e6547a7298cef25a9682349574828743b78e5baf2678

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
56e4e7370f8a044beb460da2ab7cdaaf

SHA1
44ec4f31da280775bd9becbb9d27c22096868515

SHA256
b5c42f2fdf74efb62e80fb4679cd3f251a6e3d1bd7b250ea4c3cc784865e8e6c

SHA512
e7c953ef763a0401fc50c8b1720e1e6a977469dc5e6ac125a08d29ab725ea658b6898bc694b26aa606e4369d5813a6d8e45817f2154d222d9def1811289c580f

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_pt-BR.dll

Filesize
43KB

MD5
043cda57fbffc2627d37301a4b8eb564

SHA1
2593c4db1e473163d16e301a7777c77524441a45

SHA256
066035a2e3835af013de4ce4ff8ce37e1f6e9a24e256998d98ac8bd02260f0b1

SHA512
66e3b74040371c567abbd24e7ab9a5c17f4537f15bc9be8aea2da88aed6b1262def93199979580590e93433f9b074eebe30d06b060b4d44bcc8eedd67bd246b7

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_pt-PT.dll

Filesize
43KB

MD5
e1271c33909755767da3a78a36ed2e97

SHA1
98b6b1fd9c1238128814d407189e7ae47b723b28

SHA256
98cc2b2caf3eeb6ab34fd01847d5f7718aa703c44383e31ab98b1c0af91272e8

SHA512
f70ab44d57acbc926e00bd49c7ea08eea42e3b2303e3d1aaab04b8a9df1b94965ab4008bb53f339b8037d57522b4f1effe86076aac79896c926d08acf4f30173

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ro.dll

Filesize
43KB

MD5
d710e742f2d584a625d387f69f0540c5

SHA1
cf5ab4f034bde824a586eef0ffa84d84f95f41d9

SHA256
bcd3b4bc7808c9924ce13b4bc8229c67e8782cb88f6f90e33b9dd8fd616f68bf

SHA512
897c10a6a0c4c3509260f6e1392423b4a4467f010f60de4b74ccba2b0b4a1b00f522c597ecd324f607bfb449db3dc7722e97365c2573664e9c4de4066c734b2b

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ru.dll

Filesize
42KB

MD5
a07e5639f630e4ab75a613c4912efed6

SHA1
e333ca1753a5e8e351db62330fcf3ed239f97e45

SHA256
e5f7287c037fa82ad73543c7d96234f66274b08b22142650fe8e23c62c4b98e9

SHA512
4b91f2637ff792090bb4fcf668ec7dbec490ada4136424c3129ecc57c3d22fbf6cc79f7aaaec4a76dc1783db2060cada1c71932d9d3a7a27a7fed2b963ec55c1

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sk.dll

Filesize
43KB

MD5
4e981a123464ec3f20227426e4836517

SHA1
d2346ef8e8d0e60500c424c07df31f1ea798c58d

SHA256
1c42a38235745b1be6c1d7f056c4cf7703f9d78d9ba6a30fd8aee65b3d83eba9

SHA512
bc9c4bfcf2fa3cb4984c1b8763c58b218e579c4cd0d059358095538288b10c7a73177a4f15699b1b575e6aa3fd9bc5dc8417b55d183fee4386b9318f665cd287

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sl.dll

Filesize
43KB

MD5
cd20ada9b83a7a795c0caa56a70de149

SHA1
0bfdc09f66f064d0e25c756914cf04179794c8c6

SHA256
1c74c6b523d0f3cf45b908c088bdd3260df3b5eac345ac9cc0462436b5d3f1ca

SHA512
c1ce121bb5258d05c13a8cebe1b363e30ee99c54396201b5cd05b4e06fbbcd19ea6800d32b4a2c89225db1b27cffa23b97c1bcc064d717794d4da8064046aec9

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sr.dll

Filesize
43KB

MD5
d0e56882740cc6348752b4d32cc8adc5

SHA1
0604d6b25576a2b580ff713c8e2a4453aa504fc6

SHA256
fb1a153d1e9c9d008d00189b830fa863a6dd98cde7fb1770141c290159114733

SHA512
f8ca56966f8623c1901a00066791d56af9cc226df564f94ab0f8300a4d55b6ce489fa8424c5611baa379fa1edf114fae4955f82babb47f4280801c30e59ae54e

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sv.dll

Filesize
43KB

MD5
82eaab5a7a34b357e77cc1dde9a7c4a8

SHA1
84da436cffd3a9814661d1582dcf3790e5cf6e78

SHA256
3d309f277e0a5ef28fd0d67912e10e22c83817a51e527b1fe09ed3d961570eb7

SHA512
96d1b6a5c22ec59e7ae7b510843bad7bfb31ae7aa7bbaa7781e67fc7a5264a2129f98a03a9bf7b8c712d646c20f10ba05a4cb8150db8fefaaa7b0bea14cd88f1

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_sw.dll

Filesize
44KB

MD5
e6f8582fd62ab59791fd7062d6aff0d6

SHA1
dfb3f63b990436fcecb40e903e16b0a4acf6ec68

SHA256
8eed293856e52331142c60178d31abfea1c097893db28e7256055e679ab3b0f9

SHA512
ec0e1cccfb93be3f61b78d7509e06d7e30bd63eea987d4baf95055f2c21506205580aae408dcd19e3fb4b4c76ff94d53f7e78a80140a97646e7763af28983322

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ta.dll

Filesize
45KB

MD5
e9838aae102c5ba044901461eb97d340

SHA1
8e4f372c5d9b239d9500543f583988d4031b94cc

SHA256
5708afa55682b1fee53bd89000de4bc158392610e84a6f72cc7a2519b01b59b5

SHA512
51108554deec7b2090cd35d3dedabbfd8934b321744903c0790752b563b1c4b52e95e4d68271cd4d1674f109a9ea3cec9a882e9e86fb352799fbc2b6848a4509

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_te.dll

Filesize
44KB

MD5
a9dca8dde29e97181f36551ef98a380e

SHA1
01710463f703dab403e0b9767192bcf58717dfd3

SHA256
d139386bc872e68601769926c10625c7fcf1ccb5fa8bf388a34171fe61c3bc94

SHA512
8c12bab4c7e1d0cce6f6b24419cc99554a0b2c68a0d1f341d9b5ba1369f8d58ab1dd4f1711b378b6b6a967c989cd6026b0aad3d03c87573d343796d318f0b9ae

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_th.dll

Filesize
42KB

MD5
859345de289f9c6ca89f2830104d6648

SHA1
4fef798ed087063aeeb326f590a5452674ac8890

SHA256
d32347c3a1b7ac45ba7168b3776b19197ebe2906646496457d96a6d87b6a1264

SHA512
ca0a1132b86f39252d458e98845449ae99c3027ec76ea389c3fe2943c7636d01095c7acf3e1405ab3c4c9899d279191f731e7ae45419c7194f5ef9335b4c53c7

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_tr.dll

Filesize
43KB

MD5
fd025b84606b2f18041a3aee6cbb0e2e

SHA1
78bd336f64e14c8c93d183818eb10388112a5e0e

SHA256
5b9e2490006bf204e285fee6f654c41c5b661f9ba09baeb388720f6475a557a8

SHA512
61f6ae1b7688858eff9dff1f4484228e9ec8edf3b09aabca085d324af88d96e743cae7f31e85d20ecf50eb9ec4fb3366c3f9b5f137132183a52d1aafb4a530db

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_uk.dll

Filesize
43KB

MD5
0e75d37360669b540920baca74b3cf23

SHA1
d521a80699b037ada816dea2d9619bcda203a1d7

SHA256
fa872747f8021ba39b66acfd4394931f40d9582d2c2b05af4dea2fa8a31a0c97

SHA512
1e2cec844b432fc28182e524557b32edd8cdf791911e30a179dcb36a58a95ed7e8f14ec14eac7f6c93b9c843d574ad82110dcac6b2ab09dbacc7aaeac5894c07

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_ur.dll

Filesize
42KB

MD5
2f2bfe75d4c1bd401b1ffe516b8a090e

SHA1
9e092a63c639d6c7fa641109bd656901ba3609e2

SHA256
145d318be8c040d047df7eccddb8035442982dfb7b5d3b574ee287dbcc1a86fb

SHA512
b830b1a46d396a2580bca3e8cfab8960f5d1d81e13349aff66b5520da68612fcf56acd0ef02488f3ede76b4fa4fd404cb9efc1ad8c3158a18bfcdacc8818afa0

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_vi.dll

Filesize
42KB

MD5
f707066cc84c83a4ed8f458948bb6883

SHA1
2798e9ced0eee42f660ce34963ef197e9cd2623a

SHA256
ecf04e3f8f6e9d7648f1a732c4a3b4bede2141fecd3bafb97483830097661be7

SHA512
1f49a2662f783845f4e740ec65b3543af33f2f3d71de4e86de27925b22a104b470c4b9d02f96d21ccf3681b1227284e73bf8377516ca62306b2cd9238a1a437f

Download Submit
C:\Windows\SystemTemp\GUM7B6B.tmp\goopdateres_zh-CN.dll

Filesize
37KB

MD5
dea8a2529a9d17d29b7c45ccf5142f6e

SHA1
b444b08d30f992d5fc82f0577f5f8e8e866bb941

SHA256
8f4a249f1585baab745061c9fe33c4c76a959a8217aded4a18e1eaad632398a2

SHA512
73b05df17c2a1f7781e073fa19e4125f5cb925dd4dbf8dc03d381243cd64ad318d0ea6b1a62ebb392c6cc2cff3bfc86e8effd0b39ceb1913cad56ee43f0d6f32

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-bn.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-mr.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3408_1195928994\hyph-nn.hyb

Filesize
141KB

MD5
f2d8fe158d5361fc1d4b794a7255835a

SHA1
6c8744fa70651f629ed887cb76b6bc1bed304af9

SHA256
5bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809

SHA512
946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab

Download Submit
memory/1248-240-0x00007FF91E960000-0x00007FF91E961000-memory.dmp

Filesize
4KB

Download
memory/1248-241-0x00007FF91E510000-0x00007FF91E511000-memory.dmp

Filesize
4KB

Download