lumma | hxxp://YouTube[.]com

Resubmissions

07-01-2025 15:16

250107-sneq2aykej 10

07-01-2025 14:48

250107-r6y2ysvrdw 10

07-01-2025 14:31

250107-rvyl2swrhr 7

07-01-2025 14:23

250107-rqb79awqcq 1

Analysis

max time kernel
900s
max time network
845s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://YouTube.com

Score

10^/10

lumma defense_evasion discovery persistence privilege_escalation spyware stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fairiespar.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\131.1.73.104\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe	BraveUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
1648	BraveBrowserSetup-BRV002.exe
3716	BraveUpdate.exe
1096	BraveUpdate.exe
4272	BraveUpdate.exe
3528	BraveUpdateComRegisterShell64.exe
784	BraveUpdateComRegisterShell64.exe
1420	BraveUpdateComRegisterShell64.exe
2712	BraveUpdate.exe
3864	BraveUpdate.exe
4552	BraveUpdate.exe
6096	brave_installer-x64.exe
1620	setup.exe
1808	setup.exe
4828	7z2409-x64.exe
5436	setup.exe
3016	setup.exe
5340	BraveUpdate.exe
5360	BraveUpdateOnDemand.exe
420	BraveUpdate.exe
2224	brave.exe
3564	brave.exe
5252	brave.exe
5300	elevation_service.exe
5272	brave.exe
5444	brave.exe
5752	brave.exe
5728	brave.exe
4640	brave.exe
4156	brave.exe
1116	brave.exe
1448	brave.exe
5280	brave.exe
5816	brave.exe
1196	brave.exe
1120	brave.exe
1772	chrmstp.exe
1552	chrmstp.exe
5416	chrmstp.exe
1524	chrmstp.exe
1664	brave.exe
2472	brave.exe
2340	brave.exe
5068	brave.exe
5580	brave.exe
5836	brave.exe
4776	brave.exe
5584	brave.exe
5820	brave.exe
1548	brave.exe
3580	brave.exe
3444	brave.exe
2624	brave.exe
3948	brave.exe
5928	brave.exe
5816	brave.exe
544	brave.exe
5812	brave.exe
5336	brave.exe
2372	brave.exe
5100	brave.exe
3968	brave.exe
5588	brave.exe
5996	brave.exe
3784	brave.exe

Loads dropped DLL 64 IoCs

pid	Process
3716	BraveUpdate.exe
1096	BraveUpdate.exe
4272	BraveUpdate.exe
3528	BraveUpdateComRegisterShell64.exe
4272	BraveUpdate.exe
784	BraveUpdateComRegisterShell64.exe
4272	BraveUpdate.exe
1420	BraveUpdateComRegisterShell64.exe
4272	BraveUpdate.exe
2712	BraveUpdate.exe
3864	BraveUpdate.exe
4552	BraveUpdate.exe
4552	BraveUpdate.exe
3864	BraveUpdate.exe
5340	BraveUpdate.exe
420	BraveUpdate.exe
420	BraveUpdate.exe
2224	brave.exe
3564	brave.exe
2224	brave.exe
5252	brave.exe
5252	brave.exe
5272	brave.exe
5252	brave.exe
5252	brave.exe
5252	brave.exe
5444	brave.exe
5444	brave.exe
5272	brave.exe
5252	brave.exe
5252	brave.exe
5252	brave.exe
5752	brave.exe
5728	brave.exe
5728	brave.exe
5752	brave.exe
4640	brave.exe
4640	brave.exe
4156	brave.exe
4156	brave.exe
1116	brave.exe
1116	brave.exe
1448	brave.exe
1448	brave.exe
5280	brave.exe
5280	brave.exe
5816	brave.exe
5816	brave.exe
1196	brave.exe
1120	brave.exe
1120	brave.exe
1196	brave.exe
1664	brave.exe
2472	brave.exe
2340	brave.exe
1664	brave.exe
2340	brave.exe
5068	brave.exe
2472	brave.exe
5068	brave.exe
5580	brave.exe
5580	brave.exe
5836	brave.exe
5836	brave.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	brave.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	brave.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\nl\messages.json	setup.exe
File created	C:\Program Files\SystemInformer\symsrv.dll	systeminformer-3.2.25004-release-setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_lt.dll	BraveUpdate.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\BraveVpnWireguardService\tunnel.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\fil.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\bg.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_bn.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_sk.dll	BraveUpdate.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\brave_200_percent.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\en_GB\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\hu\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ms\messages.json	setup.exe
File created	C:\Program Files\SystemInformer\systeminformer-setup.exe	systeminformer-3.2.25004-release-setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_uk.dll	BraveUpdate.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\da\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\VisualElements\Logo.png	setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.sig	systeminformer-3.2.25004-release-setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\de.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat	setup.exe
File created	C:\Program Files\SystemInformer\dbghelp.dll	systeminformer-3.2.25004-release-setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\brave.exe.sig	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\af\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ar\messages.json	setup.exe
File created	C:\Program Files\SystemInformer\plugins\UserNotes.sig	systeminformer-3.2.25004-release-setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_mr.dll	BraveUpdate.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\psuser_arm64.dll	BraveUpdate.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\et.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\sr.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\lv\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\es.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\ko\messages.json	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\dxil.dll	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\bg\messages.json	setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.dll	systeminformer-3.2.25004-release-setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources\brave_extension\_locales\lt\messages.json	setup.exe
File created	C:\Program Files\SystemInformer\LICENSE.txt	systeminformer-3.2.25004-release-setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\goopdateres_hi.dll	BraveUpdate.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\vi.pak	setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.sys	systeminformer-3.2.25004-release-setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\resources.pak	setup.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe	brave_installer-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2409-x64.exe
File created	C:\Program Files\BraveSoftware\Brave-Browser\Temp\source1620_1020448138\Chrome-bin\131.1.73.104\Locales\lt.pak	setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1266004494\1\scripts\brave_rewards\publisher\twitter\twitterBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1582550834\photo.json	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_th.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ru.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1266004494\1\scripts\brave_rewards\publisher\twitter\twitterAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1582550834\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_hu.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_no.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_pl.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ur.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1266004494\1\scripts\brave_rewards\publisher\vimeo\vimeoAutoContribution.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_2048531582\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_698575311\eric-patterson-2.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_de.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\psuser_arm64.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1266004494\1\scripts\brave_rewards\publisher\youtube\youtubeBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1582550834\5d9284d6-9d93-4d67-825d-92fe4a87a9dd.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_698575311\gordon-ross-1.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_698575311\StudentNTP_John-Ng_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1906724043\kkjipiepeooghlclkedllogndmohhnhi	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\psmachine_arm64.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2224_2077299647\extension_1_0_1843.crx	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_698575311\mohammad-usaid-abbasi.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_am.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1582550834\733265a5-cb2e-4388-80d8-41ff2aca4f74.png	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_698575311\StudentNTP_Alyssa-Skala_x1280.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdateComRegisterShell64.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\psuser.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_pt-PT.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_uk.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1266004494\1\scripts\brave_rewards\publisher\vimeo\vimeoBase.bundle.js	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_609772952\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1582550834\39caa084-41ce-4604-9fae-b4b668e2a7d8.jpg	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\psmachine_64.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2224_1384302759\jflhchccmppkfebkiaminageehmchikm_2025.01.06.01_all_gjrlsulxr5i5e25nf2jzwoxpei.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1593065803\metadata.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-bg.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_vi.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2224_201533115\extension_1_0_69.crx	brave.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-sl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-pa.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_mr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_es-419.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1582550834\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1294090168\manifest.fingerprint	brave.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1294090168\kp_pinslist.pb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1294090168\_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1741222899\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2224_697016085\7_all_sslErrorAssistant.crx3	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_hr.dll	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ml.dll	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_710426087\manifest.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2224_860510700\hfnkpimlhhgieaddgfemjhofmfblmnib_9462_all_lixaj4se2hzshfwxihzuflmmim.crx3	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-de-ch-1901.hyb	brave.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdateComRegisterShellArm64.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdateSetup.exe	BraveBrowserSetup-BRV002.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_609772952\list_catalog.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_710426087\manifest.fingerprint	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1075378636\brave_metadata\verified_contents.json	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-mn-cyrl.hyb	brave.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-cs.hyb	brave.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Desktop\systeminformer-3.2.25004-release-setup.exe:Zone.Identifier	brave.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16c3793c3deafcfb489b2347d08bfd0a420ce0f8c27dd4afeea05d9d9a99f413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	systeminformer-3.2.25004-release-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16c3793c3deafcfb489b2347d08bfd0a420ce0f8c27dd4afeea05d9d9a99f413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveCrashHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdateOnDemand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveBrowserSetup-BRV002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BraveUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2712	BraveUpdate.exe
5340	BraveUpdate.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SystemInformer.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	brave.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	brave.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133807365826495171"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	brave.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{576B31AF-6369-4B6B-8560-E4B203A97A8B}\LocalService = "BraveElevationService"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	brave.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	brave.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods\ = "10"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods\ = "5"	BraveUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\Elevation\Enabled = "1"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.Update3COMClassService\ = "Update3COMClass"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods\ = "4"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveFile\Application\ApplicationDescription = "Access the Internet"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine.1.0\CLSID\ = "{598BBE98-5919-4392-B62A-50D7115F10A3}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{652886FF-517B-4F23-A14F-F99563A04BCC}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\goopdate.dll,-3000"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\ = "Brave HTML Document"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{08F15E98-0442-45D3-82F1-F67495CC51EB}	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.OnDemandCOMClassMachine\CurVer	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}	BraveUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0D2DC5A9-E726-4D6B-BD5E-648F4BDA4930}\InprocHandler32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ = "IProgressWndEvents"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ = "IAppVersion"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusMachine.1.0\ = "Google Update Broker Class Factory"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods\ = "17"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.ProcessLauncher.1.0\CLSID\ = "{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\ = "Update3COMClass"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods\ = "10"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{931E73FD-D487-4458-AA08-1FF41413377B}\NumMethods\ = "12"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F396861E-0C8E-4C71-8256-2FAE6D759CE9}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	brave.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	brave.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ = "IProcessLauncher"	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A9D7221-2278-41DD-930B-C2356B7D3725}\ProgID	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveSoftwareUpdate.PolicyStatusSvc\CurVer\ = "BraveSoftwareUpdate.PolicyStatusSvc.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32\ = "{6B042DC7-1633-49A2-8255-7DA828C32CA7}"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\NumMethods	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BraveHTML\AppUserModelId = "Brave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13B35483-DF37-4603-97F8-9504E48B49BF}\ProgID\ = "BraveSoftwareUpdate.PolicyStatusSvc.1.0"	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ProgID\ = "BraveSoftwareUpdate.CoreClass.1"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFF9CA12-4CD3-474B-B881-CDE1D92F1996}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32	BraveUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ = "IAppBundleWeb"	BraveUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32	BraveUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\LocalizedString = "@C:\\Program Files (x86)\\BraveSoftware\\Update\\1.3.361.151\\goopdate.dll,-3000"	BraveUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml	setup.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	brave.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	brave.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\16c3793c3deafcfb489b2347d08bfd0a420ce0f8c27dd4afeea05d9d9a99f413.zip:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Desktop\systeminformer-3.2.25004-release-setup.exe:Zone.Identifier	brave.exe
File opened for modification	C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier	chrome.exe
File created	C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA	BraveBrowserSetup-BRV002.exe
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3264	chrome.exe
3264	chrome.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
1660	chrome.exe
1660	chrome.exe
3864	BraveUpdate.exe
3864	BraveUpdate.exe
5340	BraveUpdate.exe
5340	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
3716	BraveUpdate.exe
2224	brave.exe
2224	brave.exe
5588	brave.exe
5588	brave.exe
1460	BraveUpdate.exe
1460	BraveUpdate.exe
4640	BraveUpdate.exe
4640	BraveUpdate.exe
3192	BraveUpdate.exe
3192	BraveUpdate.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe
3040	SystemInformer.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5508	OpenWith.exe
5688	7zFM.exe
3040	SystemInformer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: 33	3156	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3156	AUDIODG.EXE
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeDebugPrivilege	3716	BraveUpdate.exe
Token: SeDebugPrivilege	3716	BraveUpdate.exe
Token: SeDebugPrivilege	3716	BraveUpdate.exe
Token: SeDebugPrivilege	3716	BraveUpdate.exe
Token: SeShutdownPrivilege	3264	chrome.exe
Token: SeCreatePagefilePrivilege	3264	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe
2224	brave.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
4828	7z2409-x64.exe
5028	brave.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5508	OpenWith.exe
5744	brave.exe
5544	OpenWith.exe
4852	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 2840	3264	chrome.exe	79
PID 3264 wrote to memory of 2840	3264	chrome.exe	79
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 340	3264	chrome.exe	80
PID 3264 wrote to memory of 5016	3264	chrome.exe	81
PID 3264 wrote to memory of 5016	3264	chrome.exe	81
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82
PID 3264 wrote to memory of 1896	3264	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://YouTube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6879cc40,0x7ffc6879cc4c,0x7ffc6879cc58
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1788,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1988 /prefetch:3
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3280,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4708,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4628,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5432,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5484,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5368,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5460,i,584038079963378082,11711424490831155930,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4340
- C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe
  "C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:1648
- - C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdate.exe
    C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3716
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1096
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4272
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3528
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:784
    - - C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1420
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5MTk3NUVGNC0zQzg0LTQ5N0EtODZDMi1ERjYwQzIwOERBMDZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7NzI3MUU1QjAtMzAxNC00QTdBLTkzM0EtODczRURBREIzQkNCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4zNjEuMTUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjczMiIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:2712
  - - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
      "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{91975EF4-3C84-497A-86C2-DF60C208DA06}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3864

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1744

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4552
- C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\brave_installer-x64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\gui2E7F.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:6096
- - C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe
    "C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\gui2E7F.tmp" --brave-referral-code="BRV002"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    PID:1620
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x294,0x298,0x29c,0x24c,0x2a0,0x7ff742f9f418,0x7ff742f9f424,0x7ff742f9f430
      4⤵
      Executes dropped EXE
      PID:1808
  - - C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe
      "C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\gui2E7F.tmp" --create-shortcuts=0 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:5436
    - - C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe
        
        "C:\Program Files (x86)\BraveSoftware\Update\Install\{8B17CC12-AA20-4565-8FEA-927C395F9C9A}\CR_92F8A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff742f9f418,0x7ff742f9f424,0x7ff742f9f430
        5⤵
        Executes dropped EXE
        
        PID:3016
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5MTk3NUVGNC0zQzg0LTQ5N0EtODZDMi1ERjYwQzIwOERBMDZ9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7ODQyNTUxQTYtNzA4RS00RURELTk0ODgtRjI3NEQ5QkUwNjcwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4xLjczLjEwNCIgYXA9InJlbGVhc2UiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwczovL3VwZGF0ZXMtY2RuLmJyYXZlc29mdHdhcmUuY29tL2J1aWxkL0JyYXZlLVJlbGVhc2UvcmVsZWFzZS93aW4vMTMxLjEuNzMuMTA0L3g2NC9icmF2ZV9pbnN0YWxsZXIteDY0LmV4ZSIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBkb3dubG9hZF90aW1lX21zPSIxMDg1NyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzc1IiBkb3dubG9hZF90aW1lX21zPSIxMjUyOCIgZG93bmxvYWRlZD0iMTMwOTI4NjU2IiB0b3RhbD0iMTMwOTI4NjU2IiBpbnN0YWxsX3RpbWVfbXM9IjMxMTM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6879cc40,0x7ffc6879cc4c,0x7ffc6879cc58
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3376,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5076,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3328,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5248,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5440,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5252,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5568,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5228,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:2
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5400,i,2964170411108399507,2045949533089957165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:6020
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4828

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2868

C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe
"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5360
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:420
- - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
    "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:2224
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc63d71d18,0x7ffc63d71d24,0x7ffc63d71d30
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3564
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2084,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2076 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5252
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --start-stack-profiler --field-trial-handle=1900,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2132 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5272
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2384,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=2624 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5444
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3440,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3492 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5752
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3452,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3624 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5728
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4884,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4900 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4640
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4888,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5004 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4156
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5148,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5156 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1116
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5028,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5008 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1448
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5156,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5168 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5280
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4868,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5116 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5816
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
      4⤵
      Executes dropped EXE
      PID:1772
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff753b9f418,0x7ff753b9f424,0x7ff753b9f430
        5⤵
        Executes dropped EXE
        
        PID:1552
    - - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        5⤵
        Executes dropped EXE
        
        PID:5416
      - C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe
        
        "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff753b9f418,0x7ff753b9f424,0x7ff753b9f430
        6⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1524
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4676,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5160 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1196
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5008,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5016 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1120
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5172,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5416 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1664
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5372,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5548 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2472
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5580,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5716 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2340
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5872,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5880 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5068
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3432,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6040 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5580
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5164,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5720 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5836
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5492,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5540 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:4776
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5812,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5476 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5584
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5896,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5836 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5820
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3852,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5976 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:1548
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5472,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6072 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:3580
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5900,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3648 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:3444
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3692,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=1976 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:2624
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4104,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3688 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:3948
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5136,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5108 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5928
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5868,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3684 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5816
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5564,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3680 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:544
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3480,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4788 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5812
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4916,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3732 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:5336
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5980,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6064 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:2372
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6040,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5192 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5100
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=3648,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5608 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:3968
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5612,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5508 /prefetch:10
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:5588
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=4996,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5432 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:5996
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=5456,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5864 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:3784
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5072,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5184 /prefetch:1
      4⤵
      PID:5852
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6132,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=4788 /prefetch:1
      4⤵
      PID:5408
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6012,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5520 /prefetch:1
      4⤵
      PID:4588
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5408,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5960 /prefetch:14
      4⤵
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5028
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5400,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5508 /prefetch:14
      4⤵
      PID:576
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5040,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5584 /prefetch:14
      4⤵
      NTFS ADS
      PID:816
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=6052,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=3484 /prefetch:1
      4⤵
      PID:2124
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5876,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5324 /prefetch:14
      4⤵
      PID:5504
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6216,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6236 /prefetch:1
      4⤵
      PID:5660
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=5232,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5732 /prefetch:1
      4⤵
      PID:4128
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6480,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6556 /prefetch:1
      4⤵
      PID:5448
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6676,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6500 /prefetch:1
      4⤵
      PID:4524
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6808,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6488 /prefetch:14
      4⤵
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5744
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6940,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6928 /prefetch:14
      4⤵
      Subvert Trust Controls: Mark-of-the-Web Bypass
      NTFS ADS
      PID:880
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6988,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6992 /prefetch:14
      4⤵
      PID:3724
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6444,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7128 /prefetch:14
      4⤵
      PID:1104
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7004,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7284 /prefetch:1
      4⤵
      PID:3320
  - - C:\Users\Admin\Desktop\systeminformer-3.2.25004-release-setup.exe
      "C:\Users\Admin\Desktop\systeminformer-3.2.25004-release-setup.exe"
      4⤵
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:5068
    - - C:\Program Files\SystemInformer\SystemInformer.exe
        
        "C:\Program Files\SystemInformer\SystemInformer.exe" -channel release
        5⤵
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        
        PID:3040
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=3632,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7100 /prefetch:1
      4⤵
      PID:4476
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=2948,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6124 /prefetch:1
      4⤵
      PID:1636
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=6388,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      PID:200
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7428,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7096 /prefetch:1
      4⤵
      PID:8
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7520,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7072 /prefetch:1
      4⤵
      PID:5988
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=7148,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7524 /prefetch:1
      4⤵
      PID:1104
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=6872,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=7360 /prefetch:1
      4⤵
      PID:6112
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=7312,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=5204 /prefetch:1
      4⤵
      PID:5024
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7744,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=6968 /prefetch:1
      4⤵
      PID:5524
  - - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
      "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=13751284554685035526 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=7108,i,9779781619539694255,10297200537485237534,262144 --variations-seed-version=main@a57acceeac76f9e1e94a52c2dc8e025872bf853c --mojo-platform-channel-handle=1976 /prefetch:1
      4⤵
      PID:2028

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5300

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
1⤵
- System Location Discovery: System Language Discovery
PID:5676
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /cr
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1028
- C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
  "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe"
  2⤵
  PID:2736
- C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
  "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource core
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4856

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5508

C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5236

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5688

C:\Users\Admin\Desktop\16c3793c3deafcfb489b2347d08bfd0a420ce0f8c27dd4afeea05d9d9a99f413.exe
"C:\Users\Admin\Desktop\16c3793c3deafcfb489b2347d08bfd0a420ce0f8c27dd4afeea05d9d9a99f413.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4852

C:\Users\Admin\Desktop\16c3793c3deafcfb489b2347d08bfd0a420ce0f8c27dd4afeea05d9d9a99f413.exe
"C:\Users\Admin\Desktop\16c3793c3deafcfb489b2347d08bfd0a420ce0f8c27dd4afeea05d9d9a99f413.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\Installer\setup.exe

Filesize
4.3MB

MD5
94483ea960f9bee9044e0a8ca31fc33c

SHA1
39e29cde48af84b3efdf16ffeacdc35be3e0e1e5

SHA256
e308f70103afbfac265121f89759906299213e88fb9802352695f8260bd3d31c

SHA512
d189adf07c6715d38547bd8873234d16596970d671ba3fb9c222d6a9aa10a5fc7cdcc6cea6627c5b0031b93e60e6db18e45b2661532873f510151a9b3f1fcb94

Download Submit
C:\Program Files\SystemInformer\SystemInformer.exe

Filesize
3.3MB

MD5
ad845b34379404be8224d2ac570d4f6f

SHA1
e197c7423c97cd802d67f944429e83a5bae3dac3

SHA256
0c44bc05baec15de76da5074dd96fe19c81f3aa82da628c57555addc77bb0fa8

SHA512
abc8d3b9fb90384cf4f2ff73d989227add3aa4f9686a9f7c243f2e52983349bdb92f7b700cbe5f7c27c1867b7aebd1c61f62008145087e47eee58cf2b9aebdc4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9462\crl-set

Filesize
626KB

MD5
4cccfca2d549f6bf9e421bb367025d43

SHA1
63113e18dd6320880b6baaac408ebeba1846b1ee

SHA256
a729eccd37e7e2c24a53b900b6c6b1db34958cb931024d26b63f886c321e27d9

SHA512
afccc3e734603efad0b527b2160445f4f4d5160a284b895fcaf8f41afc2524a6da56686a1f9745e0703b4283def6343adde33c750bb5643968b7e32826288a53

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a7b874fb2306809a5f8a0e618e94baef

SHA1
90ba5a05c591ae09d511d7233be67545214b1af2

SHA256
c02c7d8734ab308b814369f232aaa46e89a60c5ffe750e98a26991e5bc3f6e7f

SHA512
45dd6f2b42300f04f09be139118e4d188a0f4d27f1dfb6b8fc0d12d104b25b1609db171e0a903fa81cc43ed560d03da56247d82475826494ebc20a0549b9668f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny\2024.12.19.1218\Preload Data

Filesize
16KB

MD5
3c97222c910c2aa1fab0c39a1c8d2b11

SHA1
c794a8758b4fa74c7aa9536effe9bfa774822e7a

SHA256
c7b91efdd09d75b47036e241eb55a238065ace2c26cd8f31328e8a9f4b4102b4

SHA512
3220065c655bf174c466d9ac03d3040e419f30d081983c23a757d2c0c5e4720aed2c71e88befc0d8b6987d6abd6a25289731d7f4fc9ed6348a1d762f67032153

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\595004d4-ac15-43b5-881f-0384a212fcae.tmp

Filesize
7KB

MD5
a18831b25f4159bec3f58502b9adec62

SHA1
25a5b54c6552d19fe19c4f64b01160879b37e4e0

SHA256
2b328b65f207e97048edcf931409db6e7eb409656126f261c8f1dfeffb5128d7

SHA512
5109dbe7d8011b5e04d7f0d15c8301299b37827e049006d1c468f62231648db96862d6219dccf00586850e82016fc5d964b78989e4325c9e8c8132f9ba57d6f6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000022

Filesize
271KB

MD5
4e519c5a3da9825134593e841cd70b51

SHA1
7517f74af1bc5218a643f571e9c27b28951f371c

SHA256
d6b07fb620d32ea3fb2ae5719dd060317e50fb6a0e52366f1bfd43669c7a0771

SHA512
18c3c165358bd2461e6db88f6b4344a11f5e6cf101cd1e9b6e108457072436d5c7613dccd8bd8acbe57fefdd21a97443d788241521c651c35c2fe96954d4dd8f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000023

Filesize
174KB

MD5
21f277f6116e70f60e75b5f3cdb5ad35

SHA1
8ad28612e051b29f15335aaa10b58d082df616a9

SHA256
1537b0c18a7facad4bdfa9ae3ec84095c91467aa5cfc1d8af2724909703c2fe4

SHA512
e619f92b1ec91e467e4b11d5ad25c99b62c7216f9da81c159ae0c9ef3f9e75f48dde7bad09ee38727b5a14b827f3b813c196504057708cbfaf4bc67dbd032816

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000025

Filesize
39KB

MD5
4e7f8d4d77df5b8f1cb339ada1480c4f

SHA1
ca3e79874eccf272c017e74446e5cba835f731b5

SHA256
793a24434c26d4b1cacb4b331784e3be7f05b8fb6af4dc87e96eb611961962de

SHA512
f2369d986934824197ae494d4b30932e104baba9bcbe57e2df0868564f6f8ece761164fbf4ae9705a8fc936f20d5d0ab7010491bf06da466d3b807eccaa2fe76

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000027

Filesize
21KB

MD5
fef291823f143f0b6ab87ee2a459746b

SHA1
6f670fb5615157e3b857c1af70e3c80449c021aa

SHA256
2ccc2b4c56b1bc0813719c2ded1ef59cff91e7aeb5d1f3a62058bb33772b24be

SHA512
cf28068cc1c1da29583c39d06f21ffa67f2b9a9c4a23e22cbfe98aacae6ddc3dde1f8dab7eaef371dc0a2230d21cc8fd41653fc5d812b14c389e07f5ef7fd5c4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000028

Filesize
214KB

MD5
59cd93e78422c682829b695087aa750b

SHA1
09995899c2eefa4aef3d19383098a051a5095c9d

SHA256
52110a0e17e8ee782f45a44f1224fa6f4f2a4ad51357886d08180fa2158033b9

SHA512
c6c85107258ed8a84689dd564d441d6fa56f0d930ca082d7e48731194e20fa151bc45ad899c6d9635e568b6d9870fd3657d28003969ca9b11343d38c8713e7a5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000032

Filesize
30KB

MD5
888c5fa4504182a0224b264a1fda0e73

SHA1
65f058a7dead59a8063362241865526eb0148f16

SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000038

Filesize
23KB

MD5
f837d382a885a07c34a3d4bf4f49373d

SHA1
68ddceef1d164a48d9d01d4a74f26b7897323229

SHA256
dd05e326cf8eac3b55acecf29c842ed73e6e6dd06491cf47f7e8800680ab3e33

SHA512
ef010d89971c4f69af7bf541430364c56245a5b63ed730fe628e49f48fa9e201c7f42b1e104eb14c3193bf79dd7ce20244f6b963e9996eb8308c0d61f444ece6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000039

Filesize
23KB

MD5
75fb76ec35595f04717e8b3f1dc3ae2a

SHA1
91770c8b9979c8245519e9c5078ca10a47524169

SHA256
62553d159189834af73c9a6264704be5b2bee9a08da66a14768d8e5c6ffd2cdb

SHA512
4f05ec0c9a34ecacb19bd13aec6a15794951bd42b005986967b2d8b347cdce22fe8edb0b7d24d3e470416deb01fa69c0bf0fa5ae07eda3cefc26b0073dc9b62a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
18KB

MD5
35792e91f123eadc87b14296d581f180

SHA1
f283c2e274c1d35c37da9039bd8f6d33ab6f59fb

SHA256
b8a10ebaaf8455b1b99b52e47691977409de4a2fcff998986a4800107dffd9d7

SHA512
f172630d4767fa0f34afd173c159726eb692d8d91bc8a50a66d05d8e033502f4ccb2efe77a8160f036e6ade16f5bd49a23be7f768d30c528ecfb60a9d282965c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
22KB

MD5
2949c26c74d6758b0b24f8a087e85c74

SHA1
f4cc6e8482666d0efd96c4ac1b6f7b349437a226

SHA256
f87def0570c79571382758bbbed81d3c35c3417c0ee61854328e1e9f6aa2c761

SHA512
8c1866d924767a78590406be1757dc8a54115575015b3dd07f958493fb97aaddefb9082927f65d53ca28edc9960a6fdb05bcfc98a909aaaa016698c29d0a7b34

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
20KB

MD5
384eee9b1824c7b379821d39bb576312

SHA1
40c5913ca8f24b69815274b63c7997427face95b

SHA256
fd5cd1725025f64c168ee10c9abd38061debb4d8b89e6ea2562e61d8f337e07a

SHA512
032be9942a2cda49a73c0e7ed25b2cbcb25457669a18c32429587c5539c0c81bfb8ac49fb83c7d71bb9652eb230dfacc13e4e55c8934e5a780cc9e1d2d56ac51

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
30KB

MD5
70cce0c43ef9e0847c85a44aadd7633c

SHA1
189ad874a1cf3ebac80a44f7abd3e73b299f0956

SHA256
5f17b5408d534184584987c8ff8739e36ad842967808797a3e2a8a94f21b47e9

SHA512
5528cd156aa970f17492438fd08056d4c12c3f2378c3bcc322f3a74343ea8e17428a0b1f720d6309667b959ba19621fc7a4d1c5ef4a8264bace934329e8dbaf6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
51KB

MD5
9e928f6729f8c22031b806b09764bc92

SHA1
60ab632564ed0c5326a2af4a1e8bc264fa74b364

SHA256
fbd213e02e7447d8cd862822dec1678944662030ea2297450affc4896de36186

SHA512
a48d9037ccb14a1e7f5b9fd296313871a228b9448132a3e6b0037e4b996396bc09395ee62129bbf2c85ee703a648c6e48ff23c98283fc0b622b23b301dc002e7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
16KB

MD5
8644afbdd38d39b25563719b4361e2be

SHA1
7db803e3047a7fe376f292b709441d7a3c61252a

SHA256
f81e5823e71ad1b84befd090f8e5da2c6e3d3bc1f326b39cf58328fc6bda561b

SHA512
cc41c4026662a4a66e3fed27880d2f3769b19b71cb30814cf45b95994bcd938984d6b7876b8f688dac592741c5fe19fdb42bbd3c09f25bac4458d49bfd0421f1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\CdmStorage.db

Filesize
160KB

MD5
e9fcb41b1fee21cd572a91184c8c23b8

SHA1
699099abc30e0d96c364a68f967bd2e26a1535b7

SHA256
68590788b1ba533d2f2ca85f81dc711238a37a095722823f5651177b38fc2b61

SHA512
30393a706900f3ab4f16ff326a7a9da68863ee254c2c9bb5d8bcfc95239f919b8bb3c392c064c1bfb86c23344769ded300f2c11284ecf89ee8a09d5284f968cd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
eeba52106694c55908e66e79727c1bb1

SHA1
4818193169ba1fc5fa5183243ae8eb5785615d99

SHA256
562804c72c34d8506f50cc62067a7b5e24f923bd3807920ce97cb0ea64283326

SHA512
35ead38d59758bee5bc234453520430e8db36e2cf0e2e1901ae393ca13a143b72c26e61dd938acf870976f5637c1dc4db31c02f964cbbb8993ccbc40b6f05694

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9a5b07854e150e12e721d08d3eaa9a9c

SHA1
e5843806c7011c876c5b7451d65316295db3bfd6

SHA256
88441c7785f46dec3622258a6a9823632ba738b4e3f9c5e79e008f2084e552b9

SHA512
885b23adeee0626d0e3b4cd7b7d80230ae48d30e6e7358a013eedbf4a2528493a6bf13a8b0584ef7b93fc7a6b142697d95a9b93cd6abe94df7647a052ca2c3a1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
17f62c5f8c47f23d01187b4ed3086e4f

SHA1
e9750091d78de19049bee3426b22ba0aaca3e976

SHA256
6728668209cf16153d8b6542ebf64b1dc1f63638fe006d0fc1d00ddfae438964

SHA512
564d961b4e7554d09ae7345172084ff5e951bcd66dadb39003d7e976f6a2b19a0f6a5dfd37570b99ec2f6f190b993348dfae23d5dd55c2b33858e26f6ab0cfbb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
019564613676333827c5b37f75e147c9

SHA1
288669eaf851ebe5d9ce35f3e291248a2029e309

SHA256
e0136a756ea79f8ba6d953a1b29a4e2e320f43a35a83e4263e9a4ef34afc7271

SHA512
f4e1289025130cc5a6863b634555acd893504023d640053ca4cc416cf7541166c4ef6fd53f2ad93b6e30028c7f90d1a61718c7f0f3ef800e8420d8d991ac3c2a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
592661eb7e0b0dd473929a9c42f2d032

SHA1
355eb5f7ed7d026187d121aec814f45a703f5691

SHA256
04b5231ba5d3a48fc8838809ed9d417c6329f7aee288cfdff7b136c9a71cb5bb

SHA512
2338598fc3131e26cb01a29118adeafc8883013314109d5e152b70e572e3c14c5c5427782e4b5b38eef2b808b87d59065d4fca4f707fc942b0f44f4039d3cb39

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c3a738f21940797835a5fd548fa4a995

SHA1
0db2de4297cebd136a056ef5060212f4773ec6bf

SHA256
1049c9d3632be0effb8e5762f94cff0ed62f83feda02300cefa71b549a45e0f5

SHA512
b5c42d1878094540688c5440296d10c2b934da9b7121a8dfa5530e85387095b8cf77da4232b45aaa7aacd47da70bba4404b351472970821bbccacccabb294f4e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
7KB

MD5
f940275d92bb71e16b75e1ea85a35374

SHA1
1f4a720a2118352a97887c8ef915fe5474689760

SHA256
498e41b06adb70c0b7e35596157127640c954437f9de38d76158949e719f197c

SHA512
53a4a155f73cb46972c1051b2f2f8132e5e35743d5c977ee0b744e713e63ce52a944001b84f093261f8cf424fd18b242ac18b9f6db386a229ec990b5f85b2a0e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata

Filesize
7KB

MD5
60a424f28947ddaa15e1c9f05a72a00f

SHA1
ff53d0ebf55697f01687e404d72b00ef9780ad54

SHA256
d85b40bedc3113aac0360fb8d08340c2022e82935ac935bf33252a9dc94f872e

SHA512
b093e013b1b99b063a7679cf8060925f3d06622cef699cb8b93d37706701675062f9b932353d3f5f6376463f74c62436e94e7daaa5e8a9abc3bea7d518613468

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\DownloadMetadata~RFe5f19ea.TMP

Filesize
161B

MD5
c492b7995dd7338515183678f5e0be55

SHA1
de8236e931eebe48b71ca211d43c05f23d5f0d99

SHA256
21c22cd08cc171097b734111fba3f56d07e45632f97e1643a09b0a19624f71c1

SHA512
c4840905b81e35517dfa6c5b90e9098c71bff31b8d3ac7455f84dc4a7481ec65d14aa014e7f51a1a417ec5f7fed40241b2723e5f992dca9770bee90c2fb9a26b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\JumpListIconsRecentClosed\1cdc0177-21cc-4912-bb1a-3734fe6f41d1.tmp

Filesize
27KB

MD5
2bcbbcf34a9480cfb0a7b00041f41283

SHA1
802058d337343fe841b42dd9e75134817e097088

SHA256
16f200c0c0bbc13d6038b5d722b469f4920f40d89024aa6f645cdd5b3173b4fc

SHA512
0aec6fe4950d952d145d69bab3c90d061e1c485c07b235140d7a286e8be3a9fc83ac832be6c371572156f17efc2fc000d47457ed4e6102ec1c4cbf46a86ab1f9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6ea015a9bdfd5bc77695147bcb068b1e

SHA1
d79496e84b81a8a2bc6afd47878e23792191039e

SHA256
fbdd4b42dfc028d3f06f0bef72deae57764a55b4c545d5b017f2f03d7c310ca0

SHA512
a9fa878e98dca7bda8167977b8f25d85087dca8fc50f317c4a57a2f15e41ae86033a8e2bcfcef97d15b9e4dc7405a126a0ff369f7f8b13d88f286be8a5d01c06

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c61e98f9f495060e4f7a7d9c18bb8c67

SHA1
ce4785cbdbd855d5d66740ad9cec578813b1fc8a

SHA256
7dae5a95f0bc4b9432134b2696ab2f6d9fb9a638199509381db9e69752baf97f

SHA512
8ef69c4d3c0b187396c686246498ab7c643c108c88f2b460383e3822faf19fe93d0d0faaf330046903a3bac2b70ca0d97140977f3be792deb84e025390df0059

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c7c4d4ce55296e7798a8481279aa48a8

SHA1
a7d82bc599c7a6a94bf8dd510f39886658b7eb2f

SHA256
25cbf06e85511fc99fcf9bb864d72e88d166bd5dcbb8bdec02e29dd2f6168934

SHA512
3d88188784621f0760fa5f61cb05b3937fee32cf3e17f22ce0be39dd35be3441f5ac0bb8efbbc93c25596995b5347ba1ca7b57b20038623c274f3a509b00a65f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3bab7e5ad9f1eb96066cd335586f3d86

SHA1
881e29b601c1ac19c57cc14773b008f5f6aeaa0d

SHA256
9d6dbabdb1321a2dfd5cb36911162ed0991c820e4f3078ff81abc305c9842249

SHA512
e1ce6df6da6ff882bc3ef20b178a1c1cf537dbb03420f053d9ce9fbadab2968a8db72d2ec5f3bbd27f26eac9b812d4fbe228b34f2c640c8681c6c3ef792e0f93

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
13f31a5765392327f5a154d9eb48be03

SHA1
a7066a703214a3a87aac107c467772a9209e49a8

SHA256
76fd0c2664e3edcf1aa602fd6ddd50d4392bb11c23e83505b540d2931ca4176c

SHA512
b8ed7fb9d6cf1973dd3e4a6d4701112b504ec792810e52aac755e1e786a6deb0c6c130bf6539036e3cd58ad9d0cd0da56aecc3c867674f9d5d1b8b55360b10ff

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e844ca3198003fa5739d36ad6ccd40d4

SHA1
43dab4b448fc407309a1b98734964dac4d9c3599

SHA256
067ac9036fd732aae90de03a08859635363aff26ce4b48eb38108197516d7210

SHA512
d009832efb441dad73686caf683ef422b061fa0b6457d4241ea92224bacb8f5938877f9625348e0542a026d954536c0983e96599a2eeaa6e468e867ce9621724

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe59d2f6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5ad1b58e227ade4ee5a2a5120cca7fe5

SHA1
6c4af7cd92d65c83f94b6e862cf45b840aedb3cd

SHA256
61b8410da665a8b00d49a0118715bc406513d9ce321f94fe0f483265696add59

SHA512
9a4f8a531d98f93fbcb1c2de57a18484ee97bfd321072cb35e4373264357aced68348e68c5f4a2bbafa8ce92b5df183289d7d974a1c4ad593e18039586099eb1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
83d80fa95313711550d582124c6f432d

SHA1
dab260e0da31651ffa70f37bf5dde4a5f927363a

SHA256
998e3b974262d68600640c5937a6e149d313640570c2772b140c6e168e001f0b

SHA512
a26019d43e77de7accf8e38414efb923dc9b418143edcabb20d6f09dde6c2392c7e10242d80ceaf20a3c94b56466d1fca9b045da977bf0a49d20a152d93b8355

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
3978c8f89438ee1a565d9d5e9e3ba3f3

SHA1
a024bd45b272aeee166605943ef98cb1a11385ce

SHA256
c5bf99136cf99d83b17f9b271a58bc9f9a5ca17146eb52bbbab056342fdccb27

SHA512
7ca1db62a01c52e4097ac724b291ae50670d11fcc178558bd50088a79ed0b704b3c7db0914f93348bb3b08abc98fa9f830388eb3af9b738577cc09fc5aedbf94

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
12b34c03ce8ee93335ad3696620208fc

SHA1
c1b35f5f989a83ad1125ae3817888c6bda6f59e7

SHA256
bfeb8c55564085f1eb3db2902704117b515ef92e5ecda6bc20a2f5338900eeda

SHA512
6e76901dea40678819ea64998f6bf90fb832d3af3350e8a694bf09cf05ccc76b0c59365101dce61b55985ae1a2357809043e2dbe10dccd1d830cc3bf4a370453

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
86101eeb9965a3bbd055a883de6adb77

SHA1
ae0f04b281696ba745e04bede80dcd86493b62cb

SHA256
fc3edc8c39ab2969776588ac4ca6b33e3d19f19f84f9b15d7c40acef536a610b

SHA512
48488b0cf5497a8dd0fe2bb44ad2076134c21d1c68285fc940dc684b2cad0a4fd6668ca43f793c1aec2bc4cb00bf59bf9e1fb060d05e0d12295536616e7834d2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
28a48f49beb35676e5c641ab1640c13a

SHA1
484d51111fbe06c8e692781663291996dae0fea5

SHA256
ad69d7128824194cf8035008700e56a83ce46d0decf5ad6305a8f78f1e48e498

SHA512
2d97da7446213878348b89c15efdba833e10be31b678c38b787c73837e0e20c53ee1d1b941ea85df08252c302dddf146e12240875656577b253ebdd9fbd7e6f5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a85d9d1a9d0b098043378d2b45a1e58

SHA1
ced270c7e9cb1fbc13feaa26303ded32a65c4a5b

SHA256
68002561b3855bb3847d2b791cfe2ae2a1e760997ba1c137014f6f809433dab1

SHA512
088437a4b7d29ca42ae6c38b7217566019a5643596832c953abe89f15b1f7d194043a39e585993cec12a2740fdbcf057a2e9719fc5b8df9692f7dd342cb2ac6d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee7ef11652600090c04ba87569877433

SHA1
0df357cfd39994ee10172d55a591b6ae579deb60

SHA256
d6e1fb551a55c658824a82fe25b2f9f16c90c5ca5cf5af61a78524c4e515b51a

SHA512
9a207d34c081a1f993c6150d7c1a741e8c28636ad85f9de163535498104ba9073baa97c22e64bdc9e6c90de789033a54f7924fb2651fdebdef2f91a5c6fe784d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd007e0a2deec6e3544ae8ceb8df17ee

SHA1
b571d7b5459a41d1b0f1f0deb2ea5a9e39a0aa48

SHA256
e82f878e82e30456518830e75e4e8089292008fbfbcd8f44f0cb814bf0e9cd7e

SHA512
162ac3faf257d4ea69b80d1f0fef7fcd7e5f00536fc7efb75f9e853e26c36421ecd5407cf5501572e78422d181883aa1451031d61189f824816849d53bf878d7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4bb86919112015ec8981b2aa957f810a

SHA1
3e44bcab16ade13564f2a97a52e7b57f26d4deb0

SHA256
96012882d28b3706acdff145d2f2dfc663aa0194a9764c193ad0fb225067d636

SHA512
8c4b18c71ed79d7b1972d55a1509011fac10784253198e9ea2cfbbca8a4c16cfa89e34b8bae1701ee1b4ce0beeb266450440fe037fc2eb88cb54a006bd85e774

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a947e5f5222e5aeebbcb47237e5742d2

SHA1
09b47d94969b274e50f0386f7c460a53fe2898a8

SHA256
f01be8b6d74a60d12825484f116d125eb513f6b4c4de40ad9875d573c2d7d1f0

SHA512
58a7f0988018ae0fe6ef9a95bfca1f78978223aff92b5768075439cb6a0b523c8822c51d9a95d01120789b6f6f25407c37f82c206937317300d3d50342f613b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
8326215a3013647708a489fc03bf7b97

SHA1
9fc091b457b4eb6f2c83401b69fae0a3c3c94f37

SHA256
cca95531516896488ab3194374bd3b33b42654b66b2b37fe3c4f8d8451f6d833

SHA512
ceebcd1f98b5b28582a091639fcb272a839eb61a031c14f022ab76da9ce9cd537a592c0b6647392b101fae9ec6abd1634325b1958e48a5a4a382236fed41da99

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
430bc0c0a68e1e3bc84e213ef72383e4

SHA1
71a732679a6dd6079fce6aa7f64fdfaea4e2b930

SHA256
641a196baa7133e3213b2c5dd9819c339d2ed4d24a41d3e3026373c90e900170

SHA512
62ca422840f3d2967a32c1a06c8fdfc570a6fef237e8f2a9b34ccf7531463e5f3ebff5de276e393612e786df09c789fc7ae472760d5acd308b6b2fe05be8b681

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
cf634eacf00ba7cff755650a0df326d1

SHA1
d7e05bccf6c70b60c36e1b7264042d52c329b105

SHA256
ba91a0344748f22905b2e67d3abc07edc8b99c5285ee97a32700cde1fb099191

SHA512
2c5e827132810ce65195ce3a813d4960d47db16ba2803f0a1014417c139922a5efac68cfdca5ad83c2b70e2330160d75c3a40bfbb920889281f5556d0bd98abb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
4708aae70b94791a90967760ffb7f362

SHA1
eb917188e125b834ead505d4d781f34103ec1da9

SHA256
84d474f38f93c176fd9f88cac1e8317b2d59b6b05ab5b7d9f28f0c933088951a

SHA512
ac7207aa6e2f22d7a8c8f48cec0007f801264d2e8c9b87258de941eb61ce2aaa62c06d62e0bd3c7ba3b37e4c6eb240808f52277899b06fad01411abbf533b49e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e08a231efccb8ebace5adfc5f88a0ba6

SHA1
69f3f86c72364d27bd1522717ba7a15dd1ecd361

SHA256
7b8f9bb5d29b95e7d820c02baf2c0242922ea5b6063b0cdb9c8cffa13d1d8e12

SHA512
f0a5470e5cb706f85f22456d1c83f558aafd8c4c27cea0d4d182d34cabdf7b87534e9d01109877d3e4cd596f3bafe4f328226a15d77917d138c3515e00b5a3c0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e014b84ba44c298f86ad03763551db96

SHA1
ca3f4e77b8824ca22676f18187038e0a22d77a88

SHA256
e4beeb752914c6ebf1aabad4bd7935bec380b465b09f8da50ec43504c71cf883

SHA512
f467a8b14eee1515bac4a557e4629fe82d3b153b699d176c9172d8f5e5fbce569d674ac03808628932cba4145360ff3172af1e2c0cb8d465a76d2b85c0447712

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe597ce7.TMP

Filesize
522B

MD5
44da98bc870a3d192cae29728770b962

SHA1
79183b56fdb2e9cfd690fc4edb47ce7842526c2b

SHA256
8fe8ab4fb3c8c11b5058741a0fe89b107609129f03b9b33d389e235738a728d4

SHA512
85ce47e7d5ca25c8cf09a6d246302c794c78502edebbc4777279950c5d770a63d55e9668e8e2920767a498b1e00100aef44225791bbac3de2384bff5a24359b4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
16KB

MD5
2c8fbf9e3bf139c8c0a22c08546b722d

SHA1
9902d19b914042f62e05f5809ab567305a700606

SHA256
d7eccd20624fe2f86565e5e3d08b9d9bbee33689ed91ed0023e07018658433c8

SHA512
dc270e57a69919dad5dccb18911442a9a4df435088d9ddb619f4eb9f5712a7733f17277f4b84b1aada9bb1ca4769b2541194d08f1f54897e9837f3e52615e8e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences

Filesize
23KB

MD5
29467bf3cf01fc5739fe85c303b15224

SHA1
8dbe321a29d6d8721cad5deb0709f2348001790d

SHA256
8127975f1f1828f18b5c7aa8ab85482139eb732ce565a35dc82cf0fc215c619d

SHA512
2a3ed3d7b08107b55afe2f2aa904f8d9b97ee7fd522f6f3c7988833f632302b7f4e11ec629acd272423ea42d290a5e1aa3a4a9883587a3e8765fd561920c9c40

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe58d378.TMP

Filesize
2KB

MD5
8b4cfaee0ebc9701d9082a66a7d820ac

SHA1
1a43f2fc84fe06b262b11ce7decdbd2f2c1ee76b

SHA256
6378ed57caa4ee745450c0dc0730dd73585ac1b568310ea5a8dc1162fb673ccf

SHA512
80e554d4d90ea5c9cc46f9f5e26e0bafccfa85c20a260be2321a56cf3fc5f802015cacedd27d0fd8a145013dfa6929912f4fffd5df0806ea966713c7f9022944

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\14cec78f7dd813166fae722af80e6ae1d985386e\2de07446-485c-4c73-8851-e1f84bc67e87\index-dir\the-real-index

Filesize
72B

MD5
58a7a786ecd9c9ac106ab234ef35837f

SHA1
fe19cabcc063572cbfa14a91fc7a7a813e02ed52

SHA256
f372ebbf42bb1e295cde8953530b58ebfd31885433e3445d4ae01744a31f8202

SHA512
b3dd84b4854fa6f843ba97cb9e37d7199034c42635a768d9b337cd185148316f7f56ea3f0a13dc5df68787f5d206fe5cd2a732654cbdb353caba9f47224616bf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\14cec78f7dd813166fae722af80e6ae1d985386e\2de07446-485c-4c73-8851-e1f84bc67e87\index-dir\the-real-index~RFe600ddf.TMP

Filesize
48B

MD5
736ed52c90b9b8b879b1a1c5f6bafcd8

SHA1
a1874fefe6d26957146fc7135fb1e848fabcf9a3

SHA256
7db6f44d251af22daf99c5564c1a5e2706ebf4376e0927450acfe4954ed3c0cf

SHA512
af201dea517cd57b3642ee901a1869eb85360c1716917de290f6d0673a2ccd0bc69a785a408553044a95ffa4ee01b3857beaa80b5e50f5a7fcfe4de32ab086af

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\14cec78f7dd813166fae722af80e6ae1d985386e\index.txt

Filesize
102B

MD5
80a8da0c351dd6a7d06be906dccdc952

SHA1
7b459061305668f7fac302934a548be74a3a2edf

SHA256
5becea907e91ea3e62aa05bece8223a4cf5e78456b21fa378465a42d36051069

SHA512
7371481e54204e592a62190171abb0909aa73e91169cb2debe1d9a5225555ded916a5f6606b8b15680e2f81d9933e56a361f6f28345da3665d58040de503af99

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\CacheStorage\14cec78f7dd813166fae722af80e6ae1d985386e\index.txt~RFe600e1d.TMP

Filesize
108B

MD5
9d6e5d5b11ae3b8054abce7b489915e4

SHA1
db0add5d019fadcbc378de6b79640edc11f3fb0e

SHA256
4ca1933eac540c3ccbe4d0a26ea9563b63961a08658742ee4b41cb6302b40dab

SHA512
9ae9beed824924acc012415ed2c9384a1af3268c02393b46338a66aafbff488da0ac214aaf066b69c1a2bcb17cb3b81a09af825506bcae16147b1d6a79823c4c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b873fd9367e947b164eed47294ef1085

SHA1
ebc9540f5c8ab6cec8c1d00a7a33ef0290d90095

SHA256
74a2a31483526ea8102df320af0153bfefd85c1580967705bd59e7c0f599a34c

SHA512
8d958d09cbaa08f9db05be412ca989346064f6823a8a2c1e02934ec19fcd898c6ca7d6b61a962e6e6babccffe142beb455c617edc92176b326f2acb6663c90cb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe600d81.TMP

Filesize
48B

MD5
7e3901d9124419cedd28dd159c07d58c

SHA1
70e583590fcc2196d84e2f190cdb45f6e4968163

SHA256
9cbea44fe9089fc43488ba3ceb112214412930aa68f7b0608ad164eaf328c959

SHA512
f7675545fe974d7ee4e89011484361cdf8776dadac2f40394542e83dd06fe08caba6ad0455566e337ccbcf94521e390a09b5503eb0820a54689af6ee8f9440db

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\fb4f148b-ca6b-414f-a28d-8933c9f3bb91.tmp

Filesize
165KB

MD5
dceb0cfa9b61effc8788488f43747572

SHA1
c43235ebfd21469a747e8a264b67f874e0400cb9

SHA256
4f6f8abe6e2a6bbfea1c79b495019e80015343160d7fd99ecd0d428c9a8fd57a

SHA512
a4f5775c654fa4f31f53cb6fbab084939bd929feb95740b904045cd1f0a52c819e90876e56e66f7d1bb38db66fa0cb49c7365511f8346eec3cdc610e32b02c6b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb

Filesize
7KB

MD5
d28b6246cba1d78930d98b7b943d4fc0

SHA1
4936ebc7dbe0c2875046cac3a4dcaa35a7434740

SHA256
239557f40c6f3a18673d220534b1a34289021142dc9ba0d438a3a678333a0ec6

SHA512
b8dbebe85e6d720c36dbdae9395fb633fb7028fecc5292498ac89276ae87bd6de36288fbf858f3476e18033a430f503acf6280596449dd0478b6ab7139f3cea6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
54KB

MD5
a5edfbb3fd6aab2e16db3e4054a32cb1

SHA1
2a6279e729ff64515c82b4f245ea080702787318

SHA256
2c8ab762bd5a7280fd47c7a0b7df4294a5975259db61547a443d5f03965a14be

SHA512
053d33618a8bfcf2989bcac571626c101a0e9b4359bad49545433e0ab9d2bb41a8abd2afcfcf2080105d287b68a301975e802a44fc7fdb3d17bbf19cf05214bf

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
50KB

MD5
21fe42daff577d635a0d3dca267f858b

SHA1
f16782bfa35c9283e9430a756ef7d5cabc17a7b6

SHA256
07029c335976f1cc0f41ad6fead38c72e1bcede152332055642fb52b135262be

SHA512
a992bf9137fa8f9b52e755a9102b5c7830d356973e60c45e863e533605f17b4cd9c6ff0bc5df5fc8834ab8085430a08f627ebb30a89c66a2c8d78e7d108192f2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
e1dc365bd689345ea783ab1291d879b8

SHA1
ff46cbc469f8524c9c09264ef37eace1a6cbaa12

SHA256
15546702cb881508bbf90b9a984236fdbfd44a3b654cc1f6e434c2cb2b3245ea

SHA512
5d0b03a71af8a24c6de15fe36e80efe310931b95ea0f856891561ec3e7e64ae5478de3fef5648f6173a66fceb2e8568f2d2014acad57c5d0d2498dd2e9b9930f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
bb4d50c67c214cef436db8376f735e6e

SHA1
5f6dbd1e5d0ff142883ef8297fadd9a1469c1ae8

SHA256
2f9c3021361d8a95cb90c4191b8b77298fcc023154e8a8ac3137204a0311308b

SHA512
90d533a45e95da6eab7ca2576f2d3458201c6f645b409f239638b0c07fa842b817c9fad2c197370e9bc32ff161ad05b78422f2923b1e9b4bc7f5ce74091cec03

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
36455037b129c948bdd9ab4e61239f14

SHA1
0b3106206e5b88106f26f2c3ab44b96e68abecc4

SHA256
9c51aa1394571ec9a4ba249bf6bdd9c78dee29e4e13d90f51064872b71012eb7

SHA512
99d99b56bb39fa2c80f8e7afe82da8f0fd812f28786151f34a4d998ca32fd3a4431192c981b07fa378027511a9e50adfce09ce051fbc2ce062ae9e8caac703e5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
77KB

MD5
611eba8ef4b7a8763ca7617392c87d03

SHA1
ad6566b333aede49d7b8401c50bcfc9cffdf60e7

SHA256
bb3376116a8458aef4b044563b0dbd0aec4f68f585eb5ce217af7c66614950c5

SHA512
3513ced732188333d63f5bf6cd26958917f71c6e745a30879c56ac29cdc95fc974b3e08af1fef55e1bf255ab41360b9c86836543cfc1975b84970b50230b308a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
70KB

MD5
ccfb8239406e0f73f9b33bed090cf7a9

SHA1
59df4dd0e50b0ed91fd645a96f37e329a64ac98c

SHA256
17d4febbe31bfee4de65a7c0cd3c6b5a38260438303c212e1c7364e85d9aeb02

SHA512
314c337fefb53f7a73bdccdb00eb8a0fbeb1592d4ef3cde1bd33d3d4a5e8df67e993dc5387bdc71630fead74e3a9c2b7a94e0834cd30b255a73a570667557750

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
78KB

MD5
a81ad229bebdc4971dfa4c317b225ed4

SHA1
f9f22733910431be2098ffd871e8d5a8409855aa

SHA256
0191f2c9aeb0dba1f36ce09196330099d52689a53168d7e4ec9d01cf4f75f538

SHA512
641a7bd4ae3daa953686a2feea9426585b8f10025c114508d8ae5cb18ce546adf38b699851ca5fa7f558a1bfdfe56de3501b1d7097aa522b23096c4b8364c61b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
74KB

MD5
aee957261cb114f09f9b002cdfa90afc

SHA1
c0baec3a1380f833d43df2d905f3966d680bcfd7

SHA256
741b58aceca3df4d0a510c3b081629a9cfe0d9fbf0adeb130cfc29b1bca26093

SHA512
2d2eaa3791351abed5c1af96090f6e39bc2b49a93a024a8e77739b96ca95cd571d6a2f29323ef63411251eabc06d5415605759efd29cb97861da27ac53a83581

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
78KB

MD5
85c3b783310a6c3cab743b0c457d7c11

SHA1
955d830248de6bd1b79ca85c4fb3626d553aee73

SHA256
fc86201f758921dd9d2a31c15551ec6a5bffcbe716fca7800304677e95aab653

SHA512
a0808a5901d6041371518b289e1126d9235cae75892519cf7707b6310144f0a25c23de7411b135e96aa77ff430f5aba25c5caa9e4b69a9698ff8cec643945ca4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
d3cb23b9d968e89d262d41cf5a9a5853

SHA1
54a16e3c4c677bcf383417c08973716fc3880ba1

SHA256
13545e273ddad288831de979e63a476f0058b5f9de10fa6ca290817ffaa94e50

SHA512
c702d19e43488514365b349cd234c2af5e566ef5a1ca953c2cf3286ca31297aaa9964d5500dfb2e5a550a2f8aec4d7d0638c18afa2a8d3cb22d1a66c1b11d06a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
3e2f26bd9402dec00c6bef58e49e560e

SHA1
5b21a0c99e2c9b4765893f934801528fce64fb3b

SHA256
d53a9711bc42983ca68e945ff77125659eae93a6482c9ff5a6b3bef8b234effe

SHA512
17702e0b4ebff92434f1f86adbfef992b437297be2c186be812e451c518b631d7c06b7cc9ed85d8104e7549ade2997ec2984633dc14dddd0f4b1e280efe7ea52

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
f03ee6908e27a9196e27fb7446f3ad37

SHA1
8eed281928c31b5a9e744934231239418df3ee63

SHA256
e4c430a4e20b3f3d4532494c37e42664d7c5c1eb96b9994cd1c283d30b1a4d2d

SHA512
68a16c685ce89f447b2eada8e88a562b0ed52e34443bf6bb5050a4ef51c2d21ee26968a0032fbe4ca991b316a49089c4a470380eedb61347fd6a50f65c0381b9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
68KB

MD5
56147f5b4295d19fb3ab50c8ef28764f

SHA1
d94048781aacb7256d4cb440f58a078b2a0abb81

SHA256
b9e7c13f4c5ac8892157ac1d0ec7c568648d8c0b420b3ee7d9e37d86ff689d3f

SHA512
cdb988460e5ea59d52c72c9d4f447d4bfb53daf4de64f24d9c2b8ed4126898f045bd4039acec1a9b8f3e4c17eb690a9e627b58073b2fd48b33ee43426450822f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
dcc7692c41dcc1c012e027c322ef0ebb

SHA1
c9297914c3e794353676957658809e892e415510

SHA256
3fa3a543f9b325b878c0889dec61cd34bbba56ca59e55d1ba4a403c71e6e3d14

SHA512
ae124af2e4c755c36da9a2a0205456a7e42721dcca5cf02b2e3c0842c24570f404bbf93f1aa0813201e31cf084d9698fc25de82a33f452c3ae0afdc370973a0f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
4a0f1c3a2e6175b2a04d634213de6ffb

SHA1
db27efc83bca996d9329abba369bd2675e8dd545

SHA256
d66799fceb57023246410a3a0df42d5fcc7f4e2e582d449aedada3c966f1feef

SHA512
4ed4ac0168e52896af5e1c686c309a596f1c40daee6c79bf28899c5910881c320a048b8b59315bc0db75db622f5fcecb270e421c2961260c0c5009ee02b6ecb5

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
2a00431ab7d861ec00764030dec25355

SHA1
d6d076486377b787e13bac8a06afc36235e1923e

SHA256
e493a9bb9733559b77823eb45617a6939930fba9514c998e1477f5b43d2e80d9

SHA512
6a8de21d01dd42651f02cc1672500868f7eef77060a3e2cfb6a2e7019b498613b2610277cd8b5140618d3a8cc497502718fc861182ab1a0ef88591e67751beeb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
b8330c1089eb3c2ab95d666976a149f0

SHA1
e797e41d75887b8ee0fe7a9a66562d7e6f6bafc5

SHA256
140f82f08f82c5e5c3637ec54e2b2f3262735bdd9405920a4e54a6db60399547

SHA512
79db802804ce579e33af0ad719c11d2e413b082a4cfb5b84040b0bbfbc92b0a3d451e5dfc5bfc0ac7741d3908fcbb99aa2c6e534dd56655015ab19631496f616

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
6ef7e0bf2eb8c8a15b915bc07e1605a4

SHA1
84c7f27103aa0c854944d7812b77752717c14e52

SHA256
627e1002b6de7184b7d6fad6a1e33cc0e49dce059dbda424ba6d9c5b44928f22

SHA512
608d6851c075dc7c012eff365cda93f8495429bf3ba4432b3a3732e893ca6a8c68e9d0e35d84c841eb62e91672099bd9398fdff9c0f961fa287ad047dc364b02

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
535865a81a468752ae20dd6bf347b51b

SHA1
f72e1bdd6bb8d0ccc3c37893690553dccf1e96f9

SHA256
8da79a7dbbc22753f65961d5eeae5815dc34c1c2f7b741e8d8bc1d84d296a299

SHA512
3c0a3cad1405964c0b20595f7914e61fbf776c18e8f5b85237962c546c99fa95e10b11482acb8cea2848cc15dc892ae8b1c12bba9a47e775920fba656368a71d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
70KB

MD5
cfa5ceb3a4f49ee1a9dd03fbed651119

SHA1
1e61a01a9d7c3fedaf8ff9114ff2538625bc44f7

SHA256
608f498217a9a3a1019adfa88e0ebd11ae00a960fbf093c7b1df43a5d10b89dd

SHA512
a5ae1e38e20cbc2c3ead4596a0cb9025462a62522d4e31137ffee542d9bc89e8b0ff462794567970de6bbcfcf32f7d0c23f524def1bedab93b8644915f286802

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
74KB

MD5
85fadfebe66c29630184722069a0bd7d

SHA1
0d545b925fdd9ac9e729e330de26104a735b98a1

SHA256
36ae435d010565b0e40785b402c2502cda7730f7f8d969b5704f9c897c4aa320

SHA512
18c5149fc7b943ed2d6cfcc826f08adf926ff132c8bb08d0c5642a3bf308019df60f2649492c5c39b59bdbd48c618e97549a269450cf104efee6b62e94b1a0fd

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
b111c2d23bc6398d4fdeefb4a8f946b0

SHA1
9fe38fcc2ab1b8492db6bb8cc32d72b20e3786cf

SHA256
a8105c9d7ee18fe5672e74b02f3a43c3ae29dbd4f7d083752268d9e694787488

SHA512
2caf7ddb019b4432a1204b27c76c26e6a2ff431dc0851bf61cf6490192701f76f89d7a793ddcc2214bdf8a5c1a3f9790f09603429f7dcc718676c459e396510b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
321c2c1227639826c13da995b2c8500c

SHA1
201321cc5fca93732ec6e876a91b4e7ab3f10429

SHA256
c6c57cd0b8482248acd8a0c4d5fb17588d7b2a5feba9c54fb952b2f6b51967bf

SHA512
7e26f956435c1c68932618804c3ff40d5bdf3921191c46b7b286b76af49dbedabde527a0584dbb063199d6725c684430e6c1a19f0a8b66e09e4d2420488d9ab6

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
74KB

MD5
8829c571f4f51400284a18d308fe492c

SHA1
79d0dce5022c2f9fe96ae18584dba7b04728e2bf

SHA256
f18753a3f1c3d3b2003c7ebbea06f36649900b89cabff44df1dccc5e2dcee146

SHA512
13870fd9ab495cd3f7fb49727c9ad031a3719f1a3b7d078a60fd9b9bc0fb3f922276338655ffedefdcce463ecaac5eb78f36a5e41215f82de150aba5767d3436

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
ac56f0481943839313131d2da7ad8e3e

SHA1
4a7d0563ca08478bcb6d80163433a8b07b9c3aa8

SHA256
fedc3108023e982e8d556e7b18928434514e307ed9b39c3e3895354b89209479

SHA512
be74394aff4590f8890733b7b1a240d5aeabcbaf7799a95d753c9dd56be2125f17f8685118f8bdd3a42e3a305443255a64006f4f2feb6c540bf324b2bd84179a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
68KB

MD5
9aaca09e22e239c01c8a6bdd548dbbb3

SHA1
43b6b75366bf35915e7376aae0309a163daba2ec

SHA256
30be41ce5d4967e4d189670452282f7664aa56d6f7eb797f4d29de815ceef17d

SHA512
a2ba9da51e82e7d5731209d125fc941d643c2fbfbeeeb25215c29066adad13dbd736debe42fefa3355a3f793745a53db2085800ac1917cb2f8cb9d53aad1fb3b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
6KB

MD5
3901983181fce2594092368b8af070ef

SHA1
f8ae5068da0dc48d2c7ca45fc70ea71203d09a45

SHA256
73d0ecad99120761e2f5f66e7cdb8bdf0f1f7fca1ad8b494346392e9b9fbe864

SHA512
46f77cc82e6f2bbf5ef8d8a0553f8ced8032853fdd81c241196ea92916d7396aa074e0e97ef7a901e6b3c17ae27df3fb1814e1e383d0d7c95c05662e3f10c876

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
ab2f0901fa4c2b33a3f3c0eeffce7a73

SHA1
86eaf418b9c838b9e64eedd2d9b3a4c299a456af

SHA256
c0747c1f3810fb0ac79df5bdf50db900b124914b6724bc455f188e46887c5b3b

SHA512
5114ffaad796d758c26ad7838cff9462ca03a46a35aafc436106bd6193c922bce4963e008ded5d9b93d74f84ab76e511ef9cdb385cd1f013aae42910706db748

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
67KB

MD5
868904754188f9049a5998502635c12c

SHA1
5a1c1b7768152d3ef431115ee8889d02dea6b0cd

SHA256
930ec588facb74076eaf8d18608837da45d61e6a99b6de9e8a8ee89a411f68a0

SHA512
ce6a1e989597788a448f2cd11d911531987ee1cccf37dedffb7ca3711f2c89f477852b6d5109e1c4b17090822dd87ef966d2bade554d9b464d22b9fbc3ca4c1c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
618693fb219e36ad3e905d58d4e53cc3

SHA1
07fa9e5b17ac7bff493bb91f5577189250691724

SHA256
9f80587d99ab62ffe93f8fcd2de7e7b04d865d52e499eb6855ec0d3249d3973d

SHA512
ca7050cfa1b04a4b8e780299caba173e8580a59e55a73532bcdc233d6fe7c03b5fad127d7966d8ac7d41992102880bb6938c701a9ab6208fc922e0e6585cfceb

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
57KB

MD5
727fb5dd2b5922f645f932ff4d425ba0

SHA1
8689c1c49a6ce5198554f3f8b7d63b454d594ae5

SHA256
1815cf48963f1d89c99a9919021910292a2bcf3dec7fd2080b4976800ed424b8

SHA512
25c376dff9c36a96449cc5ceba92bb7b6b3489a29e8163ae43c45de6d398990dedd829f0af83419cc626d78de697337a805f66a2ddc84533d46bb72b502a1c0b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
51KB

MD5
55fd8bf659662ef0fc6a52b6ce576596

SHA1
b1ef82495ddb3111bb3bf85d5eb08cf750a420dd

SHA256
b19036c2e356b6aba695f9e04b672fd77afdb6285e91820994de88be0b2e86d0

SHA512
7eaf3c599059d50eca3637f6e4a65b4159b235f4431fb5b7d16c5fb44af70e8cd37a4b6a0551bcde4db466a827ff0cc89f1fc95399830158c36fb32f91c2feb7

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
68KB

MD5
2d733d709091191f7086c68c4e2fb929

SHA1
8dbe1ad4c5d72705f480fbdb46cfbe96791d1a0c

SHA256
705ba72c72ac0850b79d0b2515294b83b8e7524fa9e16a7c2e633492bbc343fd

SHA512
413dd88a75c111a0f781c63b9f5538f42b200d74d3b300ae06eba3303b7abe65222dbfba1895ce7bab9d6651ceafb9c62c2530941f6a5a6d847019bee97eec80

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
63KB

MD5
feba0ee91dc03a47bcd60daeca947b1e

SHA1
69efc0697b99a9d4eb8b88a73f524729fc24b2e9

SHA256
97ab5cdbcf7e95447404c2573cccc0f9e246217be0296233a99f2f7189d817cb

SHA512
021f98bdf04f5f03a78a3d7ff51f7dd5782b144d1f27120fdd45798d3a938e8590c6401ee941713467ffe943e7fd11a4ee093b2c59fe39043b0d95761088099d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
da38e29f68ca00b05e4a5cb7e24d92e4

SHA1
ccfd1904ab9e1d1f71bdfd94d2a16f6ee2f65aaa

SHA256
30997f40c8cc3781f933b53be9bd642c3b7fc858e52a0db1f8d21e5ab4f8b4b3

SHA512
83e0d48a2a2fe95e6c039c20425d986d77afecbe9c03fa8f0a256ee5747c55f1e8ee58fb4e58b4dff101cc1e549e3105c51ef25ba8a230870f2b81ebd0932d94

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
73KB

MD5
68b62c877501cfc0ad2a941f7e46731b

SHA1
94212428224f4bd48968cbb0e726f69277aa63f2

SHA256
5ceeacaf95cac4c74f2b7ae2e965ab74ea4fa472879807b5805e91c0f1993d06

SHA512
ac4138d736d9a377a3ed7b678c8eb74c8032247baf348ec51e16162896e1e91457b699de2f63479f6aba6c7dae10a2bf70fac7c778d05ef56f3be7d3743338da

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
73KB

MD5
0f7151d0ef0007fe66d426b2296f8221

SHA1
06ee83764c0510d3a6e9c86c4abafbce072d75ee

SHA256
a7ed2d3999db064948586cf23b6bb11720ca5f70d7f2514d88d8420f66b37f25

SHA512
89dcd4b4c08a05e9b57083bd55a8fb0e86bb8c293e3045b9639240be8dc16fc33b8ea8ebce76738c800d8b45d3117abaf3fb6670295d164caf5116b857a90452

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
60KB

MD5
69dc68b8e4b76f1795f5988545386345

SHA1
9552c1b394ba31365d51a861c4c14524834804d8

SHA256
6734872fa702843f9863a6e0c82551f6ff43f68a034869e9b4def407b2d30196

SHA512
3bd0fe4e7cef376bfe8b98f06ffcfa75e376ecd4f266fa8752200603ee25851acfc6fdd16d36edeb1b2adb1c51de41930e4394530f041373dc8252ecbc45d991

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State

Filesize
71KB

MD5
92959210c613463093fc494b3c0ac1aa

SHA1
684912a6927677d5f1dfac284f1405047f12061b

SHA256
1e95ce5b53bdf5df10dfcbd4da090e1832d025b9dc162eaf2ba1e30e6217deab

SHA512
7eaeb3c17570498f40eec8361cd761e0bba96695f3cf7d5b0e49a687fd950b20c3ce1245b52c3d0a136d16240214160d7ba70a4e746610ae98203dc5b7ff38b4

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State~RFe58ac58.TMP

Filesize
6KB

MD5
5a0f6596a586c0b6ccf629f895731339

SHA1
79c24e063051984338e2aa0117bc0a005d2e1684

SHA256
3137c8c6ec6a6aa09d83a2230c274fc77db96b486375b71df6e998f50a54f963

SHA512
85c89ca76c28b8c47218774f60e71064a1d9351d60966c93a3b74848341be37561fee3df9129db591b040a056a6227f2a83148f1eb7f5dd0ffe7aa6b25601b0c

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\crs.pb

Filesize
141KB

MD5
57086b02f74c3fe7b79a5e2e3d852322

SHA1
6420387225ddcd5210175de4f3fdb0ab2be8ee9c

SHA256
a1b5be8d4aab349aff58ed34e1f3bc6647cf440830da0a12a8bd5a1c976c6407

SHA512
b195eb9a9129863e75be603b00b85ecfe46360910529fb38513af6940f9d17efd56f234b47963452329cd85b16bebb5a85ab5d304743e57d33bafd5b59900468

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\PKIMetadata\1184\ct_config.pb

Filesize
50KB

MD5
46b4d311088a1b5476ef5378009fb040

SHA1
5f4e068b959d6b52a46f4ce9bbca3149fd3178bd

SHA256
33f556efb669f0078999e06d42d3d29393a3909e6775f3fc2eb59e28588b6c14

SHA512
3f85d8f6eaea9c8d39df16a527b9d78faa67549af4c1e4ae59fa7bb6bc0acabfb35ad808cfe94fda07e60ffcff26e0c0b508f39e1aa6ecbf63dd9da845128400

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\TpcdMetadata\2025.1.6.1\metadata.pb

Filesize
33KB

MD5
0f83ea8aad2d94a32037e90f2812611d

SHA1
66a2879b881176df793c94f6833441fe153e5135

SHA256
628b2de57b5dde868a30e9c45ffc6ff35a820c93a90d3f4ff61a1ff5396eaf54

SHA512
e676aa774c099e43c00ecd42d2f10ae194910d9b694629abdba763aefc1d2c541cb1133ad3bf74df08fc6f8fb32b3f3047c07375977ee8d0f8bad9eddb7bc388

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.283\list.txt

Filesize
149KB

MD5
5f5455741ebf6bbb4293184c410b4414

SHA1
f97f61dab887a098bdb2ce5b2a5aef020f54e5c4

SHA256
2f0e8f3d3126a613fe37503fe314cec4553d7c47cb1d5dc32dbb4e2a10b4709c

SHA512
5629aa5b07690e73bf246555a8dab56bfbca07d62571048fad6a58a97fd93b09be93557b40667c92f3f6667530e1a0757b76d93812e0d11ee1972e0c690e9f5e

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\Greaselion.json

Filesize
3KB

MD5
7a611abbb6a9a924867db6020cb190d0

SHA1
e2f19e2ef273b9f5ae247873ce3306e774961d3d

SHA256
b080bd46957a74b2d321e701237222980c202f4139bc4c33056e8b8824f64402

SHA512
6646e87023a890e63c7c7aa6b006b41dddfc7b9005a9d70fc114e45614e8bb652fcf4450f7bdf6326d31611d4d4c12f40cdd690313d56d6b214682d98a5ac898

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\clean-urls-permissions.json

Filesize
268B

MD5
00acb0f14b6b6c11ce80107110ead798

SHA1
2a40b0217ddea6d507234f236d3889b46ee35baa

SHA256
2e666bd0d92b08bddac4487b184c5612dc408f21fe4f3fab78a7ce1b2fa3f8ca

SHA512
c3a53397be2fcf41702524cb42c8d2b49d4cbde4c5479c6d0d6e92152cd213dd7436d7729906d76ed003d64e806cdf66dda7f3ca8dd4b9f9efabe25ffb76c2cc

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\clean-urls.json

Filesize
18KB

MD5
3e6714a16e04d03f205a85f2563eb1aa

SHA1
a76641cf3a4745ae2e4426fb10b73a6af4f1f272

SHA256
3c09ee2c055819d0ce5368cfcb19cd5384e2916d7a5c2332f59ed60b3545b0c0

SHA512
05062fd40cf019b7367c2cf65d2fd219fd4e602111e9bd20b76545dc890f20fc4d1ed798d630bc0821d52ef4c35bd83e63bb84971d10f162d4c6c12eda8526b0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\debounce.json

Filesize
11KB

MD5
e0df2d0dc75d2deac9eebbe0ba8db9ab

SHA1
d0636e518045a34eb081096f86609744fa47ddab

SHA256
5f05b84687de1011614eb1ededfe23d6f98fb2be47ea1a04bae0c95d9a3113c2

SHA512
c086e251cac5c121b8841f0dbfd2a45af99991a8b4bf584727c6bbe7e1e52d2361d2ffeb099be5da937b17d3ea36882d7516ebb294b5f2ccd9959424c2a5a0e0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\https-upgrade-exceptions-list.txt

Filesize
86KB

MD5
b8ebe8c70e14e1bdff4bf04cee9055a4

SHA1
6a8eeeb539eb5f630091a971585bc77731c24b12

SHA256
a9c464c1aa17ec9958141c020c30badddd4801e15b9c0a0d430859df0ad1955e

SHA512
9240b1d7ae17b6d20cb21a466335471d3b62ee2866e6d07dc62c1a288def513cedb5368891e4c8beecd135140a221bf8a16e048cced31b29fff9f8d0d40c7266

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1025\1\webcompat-exceptions.json

Filesize
6KB

MD5
54b1343eed0640cc4b415bd1ef50dba1

SHA1
df0a9d4bc264e7c9325a9d082ddb3ff8dea528ba

SHA256
9344abffe1529919decfc08c1f171600319625ef7ec9a6d63dfac4927d6246b4

SHA512
c7689d95879d890425e95322613167cb6be9c04f207e847fa3f6da4c752413325968a667fd3044d8cf08a74537a1affaffd02dfa33397079bdc603768f757e92

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\StudentNTP_Alyssa-Skala_x1280.jpg

Filesize
308KB

MD5
2bd8dda959c6b3e68379301df36dfcfc

SHA1
420fd6daf63e4fc896a8d5cf7320fcfa8f3bb7f4

SHA256
225b36e7a6f884fd3dd7206851c35b27a2f882a3d8bd9217799165b357bc58be

SHA512
b0cdd950dd2e8af198a5aa053b3059493032b609d8207939045c505085463c7c2fdbd0fcbd0655f841f89b05d04b60618ff1679586a42a0e38329d72ad8f4e3b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\StudentNTP_John-Ng_x1280.jpg

Filesize
418KB

MD5
3d133899b87ae6e9516b7c2a563b1694

SHA1
1dcf87d50a46dbebf271e67a75d27716f0d7daa7

SHA256
425257fe0d391eda8c851cb06bf8e929d6078b23c911ccb643623a21e1a26c7f

SHA512
cf537d86c84f7c9abbe9f8d212765af35aee51a9ee9f96a2c1ce39f031ab797891b76b9c828b1392673344b88cf9fc536b77345a360c41bfadf2c027ca257cd9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\StudentNTP_Sam-Richter_x0825_WINNER.jpg

Filesize
544KB

MD5
f66e5fa138432af6b40849484545b809

SHA1
25942df987649a1bddda636686064d29dca799a6

SHA256
65b5f21ccdcbdb23f39baf036ae5eb3999f3e88e241bc57a3a4d1bf0fbfda605

SHA512
29a512f0f028b2c4e53f492f6a4fe27cc88b547334466341b08b70724b16e7eaaf70cb0308e251f404aa6b80db972a553438afc3894440e1b1ed0962ec7a5319

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json

Filesize
6KB

MD5
a7e80c8cc5121a2febc654140e53ac32

SHA1
c3b1b578dcbf91aa19e65d0ef6974c165723828e

SHA256
a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99

SHA512
d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.11715\list.txt

Filesize
1.4MB

MD5
da7545c0de17851ab9fab39bba4f0dbc

SHA1
051d01175fec138e80d7fa13a8d72d33f405d29a

SHA256
01f5c329c98d0a8f5bc53c2098913f85e625b26f7721386db9bddfc575f9a9f7

SHA512
bb99115665f721d3d8ed6437bc1a3d7432c4fc57cc6ebd6bd94d48869a3c0152c955a082703f15fc2ee792d715f8db14cdde15d8cb170d831d489f71a487dce3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_af0c3b4e4f6e5a6d36a9e48d7fc2a6b897e9b489074c17d563f899ae06a3237d

Filesize
50KB

MD5
c585ab88774559f466e99ac16889b9f2

SHA1
e69ae7851e81b7ed095be003688e860db838c272

SHA256
af0c3b4e4f6e5a6d36a9e48d7fc2a6b897e9b489074c17d563f899ae06a3237d

SHA512
9405d7de2fe7f6a75fd786634bc8e1e2d3cb2ade1e82984e1369a8798900a8e5f28d1627ac09ad93e5e26e621ce1c2ef8bee7596ee832030d009e228b3eb8439

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_a58adefdaf784d8e18be7361cc1fc0754006ab0645db39e030cbd2198fa1635f

Filesize
71KB

MD5
08e05280d696d07c593d854939f5797a

SHA1
044db06c4654fe2e82fa2bc1ed4da36ee95fe323

SHA256
a58adefdaf784d8e18be7361cc1fc0754006ab0645db39e030cbd2198fa1635f

SHA512
1e18235702880626275e41ffe5bcd81ed0b44e790980da3356cc924eccd9f9437bd1268e9a6b2f94ceb648ba740001c7b91b77e8d24ed9ebddc095806d7397d2

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

Filesize
12.1MB

MD5
89c01a540e21a6012c4292eac6100dbb

SHA1
2bf600a9d372f38d37c64a9df5cb26d5cb046cf9

SHA256
9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a

SHA512
abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_6ac38d826343b792a3ed5f53edabd652f727ca011b8f139f29d6452a9434b846

Filesize
18KB

MD5
c70e1eb9d448a0e66ed6eb852a4ae215

SHA1
36171d4297ae4a079dbdc7abad5e258c195f818f

SHA256
6ac38d826343b792a3ed5f53edabd652f727ca011b8f139f29d6452a9434b846

SHA512
cb3abf830ab4930933bd58d9adf3462a9cf236098bdb7588b8cfe59713f1626fc739df41815c6dd07a46e2d2b497600582d880152c68713b12fdaaf5ed8601f3

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_31fcd591426bf8aea0e424f60df074f0edb5a09471376dcc3223eaf89d23e03d

Filesize
414KB

MD5
60ab6e188709b349d645748601841116

SHA1
1c56f35fef553e7d3ffea1d574a1d1cfb8dc5907

SHA256
31fcd591426bf8aea0e424f60df074f0edb5a09471376dcc3223eaf89d23e03d

SHA512
afe242584536eb3b864abf0f6bc35049c7c637c1ca3e6ee34541f9c19db25fc72f684399154f825283a60fcaec137f5ea4491623565c0d6b6deef3f3a088deee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

Filesize
150KB

MD5
e1900863188285f81af2e44329c5dfc3

SHA1
fc1234b818d73e3925c9e308644c39b7b0a1eae9

SHA256
9645143596dd859c7d9cc843cf13378660ea1b16e7689770d229142a0a3724c8

SHA512
be5c29c05ba5a79118e5b4d3223c27b50a00e89b429865267cc468a447fce91ec6e27fb5efef108e362a9d5722ef915cbf453199253b8b08560247be2566ebe0

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_7ae9fcf993f68854c48606c69e5456b84f6cb59cec730bd45b11262076c2470d

Filesize
1.2MB

MD5
332676df5849a5a90f9ed4d9b1dde14f

SHA1
06913ab5f20a32c129fc0dd467f785958ed97071

SHA256
7ae9fcf993f68854c48606c69e5456b84f6cb59cec730bd45b11262076c2470d

SHA512
acb356e36a3d898baf4855a32eb0704e8653f50cddfb0cab503aa5972088aef9a2cacff83a1f71220e2a3d3b595537f40a62067bb8bd5027806a3fc215609b20

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\ggkkehgbnfjpeggfpleeakpidbkibbmn_1.3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

Filesize
10KB

MD5
81c39099b5a4e221569eeec0a746af7b

SHA1
0601105a54e905370e965cbf8cf78bd6d8e300c2

SHA256
3525216abfc685f109e0efae397d7afe8bd1aec6d081fefc730947cd3e734f2f

SHA512
42011c20c52733df0116c4661efdce06d8ec70dd38cfae2cad45e4b4eb7cb24ab4061e968e4d5766e4203b8c4caaf2b6727e55bdf78402157a19eca0f2e89140

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\giekcmmlnklenlaomppkphknjmnnpneh_1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

Filesize
76KB

MD5
34f31f85a6b2a69a074939e4e231a047

SHA1
97f6d1a966baa94e686aef7fece23bbf099fb8c6

SHA256
9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f

SHA512
20f4d9efe5450e1f02608d382c97bd4269298c87763a4abcf63a5fe0ba62dd0c391824964084cc011ed6cd7db99c19c9b6411b04d42539081f3737dc78a2f2ed

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

Filesize
4KB

MD5
3a03f3ab4119a23fa6b70a32a6fcd4b0

SHA1
5d047a5da7c7f388416aa50b5fba745bf5f36eb8

SHA256
69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f

SHA512
8caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.a15da3a7e848826e5277be2aecf58ed6e62750b989f4d13ccd0931235d341eae

Filesize
595KB

MD5
f7a991c294a1aa710833441826dce077

SHA1
77abb0a5c41efdb264c794760bb9a5df086342f7

SHA256
a15da3a7e848826e5277be2aecf58ed6e62750b989f4d13ccd0931235d341eae

SHA512
cc5f70cca942b34441aeef37eb193286cfcec633423f3be181b926d21b44c6889fb32744f70882277fefcaab515770c74d1e72fe9242dd2065dd0ac27e600fb9

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

Filesize
17KB

MD5
a1b36d762732f9439efa78708a40dafb

SHA1
6533b78ae795077fa711c67347eabdc88b5a6c6b

SHA256
44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72

SHA512
8dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_3f0dd6bb4272b8ed316fcdf1b83a42c5c79ed9d90b4116f832235b4aacd7afe6

Filesize
1.6MB

MD5
3d291b4ff86952e148fc001a548e308e

SHA1
0ef9e15b2b92a9f4775e742e1a5cc28187c7b15c

SHA256
3f0dd6bb4272b8ed316fcdf1b83a42c5c79ed9d90b4116f832235b4aacd7afe6

SHA512
fcd4f4917e8ccd87e944d4282343e099b4de882f1cbb3b8f7c1f6e470a5e1d4f2efb23a2c5307630c4593e0f747cfc48c65f26c029fbfb3b39c7b3c96c0db7ad

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jamhcnnkihinmdlkakkaopbjbbcngflc_1.c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

Filesize
1.1MB

MD5
2ac309d48a054c8b1d9ea88bac4dbd6c

SHA1
7507922d88a9cb58759b5326fadae5d0c87f40b2

SHA256
c52c62a7c50daf7d3f73ec16977cd4b0ea401710807d5dbe3850941dd1b73a70

SHA512
870dbb86a67f36a43ad4c80db904e76b602bbe062cbb9fe4222d1cc69d99aa4a60aae91c094a65a481d8c62cca4942f178f1b2744ed21836a526c7ffe3409969

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflhchccmppkfebkiaminageehmchikm_1.4a54c9608d3cd43d98b0a7efb59dbf0dbb96a894b590c8c12aa887d919a3fa62

Filesize
9KB

MD5
0cb054719539c9976740cbf6347deda4

SHA1
f67b7c673822110edbaf783c4ba6002914f233cb

SHA256
4a54c9608d3cd43d98b0a7efb59dbf0dbb96a894b590c8c12aa887d919a3fa62

SHA512
7da4b2d87af6f0601479417cc6bd5390dcab2aefe03ae9414bd7f9b8b033baf8b7952eef7d1f9f465d7472cc14b40bca37c583e00fd6508d5388c19db1c26c7f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

Filesize
77KB

MD5
1068b68cfdad67e39e13fb7b97adbdb6

SHA1
d3dac92d9c28b948ec33699ff69ae75a900de6cb

SHA256
e698359726dbebe13881db2d3d53856d8a3a1ffba048ac94773036cd08a60240

SHA512
da6c4d63d8d22e231d5101d93429a3ecc33c89d62b5fc969c7276816d79f8cbe45a16652507581480edb83b61f0e1c57f41e4432f6fdd67c878f38e0d4eef64d

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

Filesize
5KB

MD5
93e97a6ae8c0cc4acaa5f960c7918511

SHA1
5d61c08dde1db8a4b27e113344edc17b2f89c415

SHA256
44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319

SHA512
e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

Filesize
179KB

MD5
62af22ce07e0375e66db401f83384d5d

SHA1
468b255ebdfc24ff83db791823bca7e78b09f3b1

SHA256
bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3

SHA512
54dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.fa5d70ce715434cda9953be8a723c89384b00cf99e931dd43be46fa909f83371

Filesize
5.1MB

MD5
ba2dd3578e017160515508a271b9f664

SHA1
b5898eabc9b14b4d2b296a757ceb5468a7ec1e69

SHA256
fa5d70ce715434cda9953be8a723c89384b00cf99e931dd43be46fa909f83371

SHA512
5adbc5de11e3b153781e362c23464daf543970ea693f0ffe43dfa393de6cec13a54d74a82182db1263c59664722fb5ae979345a4bf50dceef8441544e0d11b79

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\ff25023e-4963-4fe9-9318-b4d0f7dfcfda.tmp

Filesize
68KB

MD5
be8b7e1704aafcdd5278ce020725b0ad

SHA1
be364c578b30dead301eabade55721b0ba0f5489

SHA256
5357736ffa31a5bef80c2b97e857c4847918244f6e3c0fee85fc2c5c40f67487

SHA512
b340aad860a840229741ec9f6b2675d94e0dca31033ef3e8e2324c7c65a85271477c05850d610534f1fecdc81d1251fe95caa025594862d2fd6da38c6d66b7fe

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1843\733265a5-cb2e-4388-80d8-41ff2aca4f74.png

Filesize
33KB

MD5
050c997c097ff116d74ebfe55e4987f9

SHA1
6e150b6df1b0bfb17558f6af3e455619b68f124d

SHA256
03317454364bc4692da57b78a0f1fab8173b364374f5f165bf536115a37dba88

SHA512
0be0912147351e713bc09bea22ed485d0761bc442ce5a73053a3ac81eb9c8cd2f917132a0add117d44ccab6c15a90b547e4f3a7c10f86f7f500999b854d683a1

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1843\d7f67249-f019-4471-ad6d-6b66323241b7.jpg

Filesize
385KB

MD5
120738eebdcbafacf867275bde67052a

SHA1
7c65e8a52a17a9baf9a21433c51a950527dd669c

SHA256
e291c22f5ac81b04d8e7aa71eab41dc4ebdf4e02b855ebc069915200bae737e1

SHA512
2e22bf34a08dddea168ebc00e2269f84456486885d5566cc7e8647d793138b6e523da7a002c13520410f4c972b59e0e2a78ca6f7b8d4d1f5e7615128e0b8d98f

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1843\photo.json

Filesize
3KB

MD5
7f469d0fa115666441b89b6071e83db0

SHA1
67ddb4779574f6aea3cfe1ebdf4ac7fe689bb5e5

SHA256
800fc7488d95825f4cf8edc45a6d0241a0f5e217f4c35b68bd82c051dd8ed249

SHA512
79fade254ed89f9179f12504a6b518bfc3d01552d5318121432b6255a8ef8cca4381264a696f1392d84a4066d99b82140d23e2a79ea2fe3231acc1f3ef45383a

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.69\list_catalog.json

Filesize
76KB

MD5
d1d6a9d9cc2ada3f3bad8b0da607f4eb

SHA1
1d286de6436a8a28584744f022af73077ed64601

SHA256
f1a889c0f11e2642c299774f601b72b5cc51e86bb1fa7514cfa9f4fa1a9538ad

SHA512
4c43a10995b91d2791a8274813f005feab48d83078fb8b51f026266ff524ffbc53c41d507d801101a9a7f765453ab4b08398f4e743b6beb08036b72e40b82934

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json

Filesize
4KB

MD5
57ff689022f2d93d2287ac3b48daec73

SHA1
937b7dc21193a27607340af7fb7b987b8ea50582

SHA256
4665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c

SHA512
1b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\resources.json

Filesize
269B

MD5
20effecf10eeb0456cc6f537c802f172

SHA1
8fb3968af27ad30c639f45a6fcee99b48ef79878

SHA256
044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d

SHA512
6a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.9952\list.txt

Filesize
5.6MB

MD5
c25ad1a329b6431052a09ca5192eddb1

SHA1
e3a8e1e1d92cac2a00cf50fcd5ef5427f09059ac

SHA256
a44bdcbddbd27a88fc56d212439ed9f4fdc8b80c5692bf278870a91da34efb41

SHA512
44ec2ab426cd78cd0d822b68f0194b8fa07e244f54d2739c1d9fb82615a75da220a1a8e2f6844417b9937a34fef95e621bf280382375578a1c3ede5218af594b

Download Submit
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json

Filesize
1.2MB

MD5
f7e232619fcd50a55c3df6ffbab0245f

SHA1
f26eff68192fa88acc08ed97979c258f8f534a33

SHA256
f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7

SHA512
bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\41811f93-1f68-499c-b485-0480d4c3a225.tmp

Filesize
228KB

MD5
9873b3a8f08dc741804161e0b23aad49

SHA1
16392f38ce80b4486e7cab110ccc02934f9ae70e

SHA256
23d9abdee469169c8407bb3cd16605411de30ad9b9ac4e8246d03f7760d11588

SHA512
3d45405323c8bdfa8bd15b8d43df159f039645ae8d3131b2616688d676de666a873f0594c1f9a50dc5cfb87b1260b5b87783bc7d063c181ab28e0f7966fc658a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
129695cb13d7a74b2339de2c6556dd72

SHA1
314d3406a078f2c388ddd861d66e41d17985ac35

SHA256
2afff6d4c92cde01a63f9c67fa7a035a1ea17c25dc1ed06f59594880682eb02e

SHA512
085502747eae8f5927ee5b1bda77ae3eef5a3828de370deb3d2e4c199c28aab2dbd0d5bc58c4a61f582548b11dd865ffa2c21e58cbd9376051ab042c1b7337b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b4c3a5858f7af982e48d1d5b484588c5

SHA1
bcaf4d2f61feec07fe0b4e767828b32c813f0583

SHA256
a820e0998ba130577b8897ee2cfcffbb646b666b26e2c02481b5524374745721

SHA512
fd5773eeb38b446aea053281945be22408b458258ff607f1f73b3031f0dad9db371537c0fd1b098ada72a76c7e2ae4b719bb824b7e8e780c4c3734668a7e51a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
d70ea933075bb1e7e4e602cc29847692

SHA1
aa717a7b62a10770334c0256202b79cedcec5b54

SHA256
de5bd25c67308e517ff3af8a34e9a5141e7cc2c6c3564d580ef4f0e01e891c17

SHA512
8622b797cd0c6d0e15db884faf38dafae99c9ecbffe4f23adb2c9c95b0120c453065651d9d2cb3a71d5ddae097caaf81d44e71413c85eb1565bd8a388095acab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96d650b6075aedc7e6bc11050fc2c21f

SHA1
7a0696bbfea0d7b23ecb6a6c1d9b1df4e48979c6

SHA256
a695f0b20092e572c0d9eb9bf79e30baeb10a4f4a45a13e0cee99b971f98914e

SHA512
cbc0415fffd3d5b8a13a673c26c8778624e26e2960fdd7059f1fec460fe6ac23a70791d59e8cad54282ba3585a9277b3ffbd9f263ce4fa2e890cbb5886f87561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f8e1bf5bee70ae1217cbc445bdbc3e66

SHA1
3dda179cec8330091cd7f0fabc0fab8f0539f6d3

SHA256
30da77b43365ffbce7e0cfae49a4fb81dd8a3250e859a038ba36a9edb4368125

SHA512
9402993637ed4eb9f636d7de14fa7ad051b9b2b309309f28fae48df9fd615a6f665953a52df2882261c4b490fa7c2acf549400e5e93989592f8091b630ea3aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
08f7b0de107abdf0a157f4ec3a3698be

SHA1
d3eaf70fbef37a21eb5a2cde4306bba239c38869

SHA256
733e8129fdd8e9a57704022dc42db34aef92c167a615bbc7f96ccb8a6c1851f6

SHA512
6a7542c515b713ecb4eeea6c5a7a4cacab5cbf9fa0bb543f7019865d1289d5d1eaf87e620e9b44c3645e52e9466dc60e7fe92a37b0abd4cadfe55f2ee81e947b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02f53f1acee236f9e6e40820cd488dbc

SHA1
43794d2d243eb20524d19ae66699f0d16666a339

SHA256
f73f13d12eb778e796e519c0488b2a3fd4b8955c82628e7a95eb069c7fc68a56

SHA512
046a50edbe5e9797211335957c5ad1234f7b5c1453f1921ab68c87c4d4c30e2f95157a2677767bb117a4563458f751c169b6f1a6c66b75711b3b565073a73990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5c4ccfda162a08d1fa91e4a4bff843e

SHA1
5cd5ec52e2bf2382a6c1149d2e524f3c4f830dd2

SHA256
1f77e567eb47a73005e11392d26294a1e0cb3173961fce3627e6eab219f0a516

SHA512
597d3aa62a96bb5d27ef5b4f7ed46915e9fd1711ff061825ec458fa96c9c626b2e2fabe833ed821519e59cb157ed0ca63db1ed61bd46814d95d9bb59efd746d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
beede0ab17a7f46be58d527a26d4b7e7

SHA1
aaa846273f13aaac9c3fe93c9473722ddc045821

SHA256
e23c18780aae9e1b20e9cd4f28be039526543ecfabf71ad04460883e99fbde0d

SHA512
19bc671f0fa045be9f761b2353c457b4b79376530354fd87f248a7d9ca86d453bb3b8f1a9934a4e2d4c21394dd61710434fe3a7382b7c3737373f1ef530bc5be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
51774740ff175e9dcd4cd912d81e5edf

SHA1
854633400c31c07872aff46e49c071ae2f34fa7f

SHA256
79a186d0417f9ab34bc6cd53483e9a4a663c7f5a1761e7364db01fb50af9926c

SHA512
e220a716c3b38c95a6e017082da64d87a58ca304cbab8cafece7830d40b239de54164e1e854083efcd5dd0aeeb30b421499926a5282bf4e7dc60e103a332e683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2bae4e8a169e52d438fa39666f7665e6

SHA1
fcbd897098f1cd445da2664944e84558d91266a9

SHA256
5f7c28b553504e2c63eeb291fe352699cd4fe2b72bf84d3439de454842e4e9d2

SHA512
b42804f0e6210e7c4ab69bec33f3ca00e9fb833354397f25d7f0221fd1d770e5c542f5272d0ceb534a23a67ac3dd12fe1367532c25aad581a8a854bcfe2db904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
28ee798131379e8fddeb72e348862c8e

SHA1
d8e2757394ec52a34e8d21f039b185e9051128b0

SHA256
9821eb7fcb3542c38b237447bb3b6f4fb51b8a20f7926e108418f5dc265b8403

SHA512
666a79c5ed4ae49571d2dffb603301eb7f885ba178ef44eecdfaf18fd10b76d333c4b938cf7707c8d7f865deb4e74a19b58b4cb8a3768f81ad739487b476c70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f425c295edef02814b2b120151713b88

SHA1
82651cfb77f104d0dd8d466089e4e53e2f5410d5

SHA256
d35c91267cff9ad4f94cd50c4b04f99c6f34dd93a917a7d099208451d128827a

SHA512
f6d3b15dacc0c343257fee52cf48e7b32e5090607c0dbd175cef8f6aaa8a178598712827e3d6a228376e289ff676fdef1de66c796fdfbc1d2ed51a8f73e6e4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cfb485d5a64047af3bda8ec60d1b62e3

SHA1
bca09cd1d152ee85c23ab9750e1ebe9e4feb9db0

SHA256
a97691673ac4333a64ebdc961f26109eef8d0e56546c839d823f55476a9df628

SHA512
f5f094dd8b8697e1435dc65181864a613864564154b51a746a8e2350bcba60cec31c6469caa79b0d3db37cb2ffcdd9f670f48116b801a05493852d8ceb995526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb2df698-4be2-4b2f-aa1c-521a6d14d4c2\index-dir\the-real-index

Filesize
2KB

MD5
d19a958ad3023c73243cd31d9389e14b

SHA1
a7fd27d09a637bfe3bb152b41b8de3adc25ca11c

SHA256
52d6cded2f861eb0ce9ab580e9928105b2ed760f03b60879d3f62227ab1b0ed5

SHA512
9ab78cf9c359f7e33be960f7c65e9143030ee38d8bdcdf5631b6c0dca99c896435d894b67e9d1c4d9d62c3bb5594e36133cd15d963e76674e4c8eb4b1bb63bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb2df698-4be2-4b2f-aa1c-521a6d14d4c2\index-dir\the-real-index~RFe57b2f4.TMP

Filesize
48B

MD5
1a75b4e2aba92172691b83e39b5559c6

SHA1
c3766f3332a877f2abb5fc02c95252ad534fbac5

SHA256
12d89534646b64ebf73a21e78aa11b8d6852de35a7d0c727ea64fb0de7ee74c7

SHA512
0f0563738f21136fd04fb5591a4dc924ae3e8b2b5f3ee029fe78d5ef83234b9f7d3096fc7beef66ce4565d581fabefdb55f7385017b15a8bbd8364a423977c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
7f12a20fac095fc6bbfa85338cf54919

SHA1
b648c4600889d4da9201715dffdb5176724af4d1

SHA256
e84f58cd8d4a62f3038f76279cbcbcf6793b88ae0914ae2b8a8d88dd79d7b23e

SHA512
a6e4e2554fb16be6be27685b23c4f1c03aaab9228c8ed9459b7cf4b3f93b33e2d968ece8754af126ba4272387c9ee37fd8d22701584b7aab86545bbcafbfc372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
9ba06d6a7d63d7e22ba2aa5844747b0a

SHA1
b4839ead5323f6c824fece32de181990f6842b71

SHA256
e7bcf77a960d7270a6ed5e437992929f52e2363ef9dba0f8674755c834899133

SHA512
d6b2c9b5f051032fce8c29235870cf0a8b79c45e8f0f9aad3661f867df9eb8606335ce165ad000ea1f0235474983f0b02ecf47413644f3d2209c41406134a030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
793557b63e0ac0da580d8bbf0a9617b6

SHA1
3d1e2a6b5adcf53c363a6c35fae7ee3a7f69435d

SHA256
165d9f4bdd84e7c4573ae9f71f3d76842c5acba850532cb9fd47b22d6d0eb1d6

SHA512
2f02e32b368feb832f7bd3568da6b761b63f6b7e916c5cc6cfb333fddf040264fd4423fc42529177c8dea4542b9438021ea0e6b3b5b7f27a1b000cd443e0a719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a4fa.TMP

Filesize
119B

MD5
5bfaab53ab418a38d5d36d3abcaceaa9

SHA1
93be4a18fb9e91f1876c303f7bb08be287bc891f

SHA256
bf769678babf25878516c14bbd1d80b2d32f885c89a59e0fcd1ba877baa307c3

SHA512
19463978592b1cc81dbc8d34d834306ffc136da09efda2ff5099053e7018aa9e08fe02d683f47fea74a5731b6a0217fa6d4dbea9dd4ae1f62525d4f7e4228fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
93d02dde796c98cd5d419774120ce63f

SHA1
1e0876700ac69d80a0fb140db8e98d9c7badf180

SHA256
8c61daec41c97812a1bd7fa5905ed7a366c3c559061c907e1a2fa4b685f101f0

SHA512
48f5ad66c67ec1b081508c12095fb8c501babc5cd45d875958567b477c7201869438c6d917feb873fdd96fc0f283db2cfb59c577e40d46c4242e8f4cc1090569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c6408d2197ef11005d8ede1547035b38

SHA1
8202abe0273bbcf86c7d4fd5c327b1a8767e674d

SHA256
24c6c09414a77e550a41b04582d09a8848859c21a61847bacdb77430594445c2

SHA512
59f8c90c4d94e404d3fdd8fff98433d1234815cb0ad821787220eb5590bb29abdd127ef6f530cbad6e7e8b0f0d7e397f5ed68c2625603b3225a9aadb1cdeffcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3264_1193170042\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b3e369740d5ebe39a3455206a24a1fe8

SHA1
fe025e21d5e71cba6f42be88f5de037884e185d5

SHA256
3ae161fcfdb28d57d18f5c3c5fe6fa61470aa793efde627e788d2de7fc3587b6

SHA512
78c412756ab4ccf2bd4c6c14ee2454a75d1e514e50ca872f6d4da33c81ce2c05e23daf024494c1bbca64c1cb847b7d10fb890a88faba89526dd7ec3fbbb52acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9cceadc2e7250e1900e97041a45bc94a

SHA1
1db77ea8ad561f063f59b956ee2fe0bc03116046

SHA256
72d7e1daff57002cfc803eff31f9b9f2f66956318653eef6e6d0efb1e232c84b

SHA512
cb73395eabfa7412308e92d11484662a26d503e633ccc7e1b89543aba47e85d075fe9424e767e2e0c1e2acd5505ac44a618dd2b9cc0d3a9577bb86674f1d9555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e5d70e860a0205ae4f652a106c5592ff

SHA1
6f9e422e357b222cb2e16178ebdaf134da94b503

SHA256
f79c636398af21c1e4bcb1dac63351b7de558052aae3d81dc95d0f800515d06e

SHA512
a26fb4764ac8e38f520786b1d44e119e79dce2d99a366549a7d7b04e71e0426ec0cdd168babd89a015d367af915cd05eb95d989e077cae6ecc03cd8637e6ec9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
6c10d01d8acf5cb07450371b42e2d43d

SHA1
bf49e2f3c444f45bf8a1e18ec2c6e4cf71f99443

SHA256
be2f6a3748a028890490fe759f5649d094faf5543b9a845c41e81dce259c04d9

SHA512
3815d6e5354f6a542b36f0c5f63f5888920b4bfbcc6518c3606c82d43083ae6d4281da0921b353b40a294a38f49dbcbab806cd6b13c738331fcf25120505fec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
ee4e93f14ed57a921e50c36093c85aca

SHA1
057af678e0ff1eab8b7121ac9968a5f8aa2689d1

SHA256
1187a9f8bd8a03b5aec1bad38a37dd3a14365e836ce7a1f0890ae99499e93ebd

SHA512
3ff7e7eb5c07724a3a51069eadbcc044d046aba876b11ef57530aecc384df3b45fff1f2b8380e30cb27b2b2d11166921e892a6952bc9cffb4480e6e97ebf33fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7de81d20-f46d-453b-ae4a-e939dd8e0117.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1660_746706025\42584485-2aea-47d6-ade2-65a01dd5464e.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1660_746706025\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brave.lnk

Filesize
2KB

MD5
26b500423ee67ff70b003646ca19d314

SHA1
50ac0d4c73f550cb9b64eb3e7436d924c762ee87

SHA256
fe621eb1df9bf42da8bce89f59ea50f883da2649398502e9f9f956c5afb91c18

SHA512
b65065469e95e2c855b42fa538f2bfb2319307ebf779e14356b5d132a265c9d2ab79a65265a91d2ce93ba9e257736cde738e6ce5b2bb124d17d10ac936a5b78d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
14KB

MD5
2382008513de61cb0575125552777f33

SHA1
0163bbce665b06cb94959fcffd60a55409d109d2

SHA256
49c6a77c396b728fb6be586e94638cee0005e8203d0afb5f8012c90d5a13759b

SHA512
4832557e7037053c73cc1f8580bb26a70a7e13c17539e7a12a56ac8962d66733e76c7e61ae4fce3057da5ac8677f52cc09db8d30caecfb0bf1b51215a39f43ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
11KB

MD5
3b814a09edd3137b7bf4e507fc7bd42f

SHA1
032010864c1521190df340e09b2c0c5737fef30e

SHA256
70027832e886a5cf99f971c4cf70f3c53c37fe9269ab25fac5a8570b306c09a3

SHA512
8ab53387d9c833ff5bb0cb75a40d8441517980d507a34e684bf2faeaf96f267438aa6fbbcab2f946abacba90847a49efd681e07862949a8be4e95d139eff3957

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
15KB

MD5
e269a3646c8a58ebcfac6cf4d2baf1b5

SHA1
73fd89e105650d1430c9d0a3dcf1e72d1c47d21e

SHA256
c2dcb22ec250bcbd10c5b858000a747b2f538d3da6ba9a46f7e08e19906cdb25

SHA512
01b847a8fc4d086881b87f9d873f150be1e44ae61be34762ee6176bdde1e2456c5a8bf392656a55928e8769e7072ac1f56882336c514534196e808a2536e11b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
15KB

MD5
5163d1b5beb930e300cf4ea19f3a1956

SHA1
85aec0fd0369438d5980f721fe8d17cfa8600732

SHA256
95f383ab1d030b0e080a16ee324a018b39e892c8304e6e679841ecfe71ea34d5

SHA512
2d26dc015010739455e138cd63975ad933159aa03fa6637e52efbed1789061a8e712927a617bc6c7e98963ba3e2a10958898808f745e915ac81198a073312b17

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
14KB

MD5
f27d5c6681d9279fe4a0015a995ac01e

SHA1
91e24ee55584e82cee9eabe3dcc13531c56ca9cd

SHA256
fabd4490da3ca61b4cb0764c76a03d6b580b2539ad62ea57baa660e686a31724

SHA512
11573ad25157b8b54fc12800b0cb5cd9e2a6b9659bbd8c82d1a31d72e130dff54c42807137277580c98e6f6f622f3350bf9948a68fe7fe03545e6ecf8338123f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
10KB

MD5
87c237de5f89b7a3bfd06b57ec063f84

SHA1
bceb30870047f20388b5bcd74e452a278abab23a

SHA256
0423808cfc9d3463a72c38946a3133647f74008353b6717767c777765e63d2b3

SHA512
1e1051e413b6af6d0453f5bb0c3f0c7992fe3be45f527e7b642c99775f336fcc7502dded4139505d57896f0e1b583eb5088515bbb0c30a93266bd0ad526fb66e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
12KB

MD5
ed29b6a4d69ddff2b3b799e317d9e291

SHA1
2be6058c8b3e22e4a97980c2adff605dba4b0bd9

SHA256
551e0a6471b224e2967087935f7d99cd30b74ea6e6402ac44bae22180024ccb9

SHA512
482f195e2aea74d26db6510edd5569186114c7f20430c0608670162fcb9f631ca74bc5975fd33199f62bb4a87b988ab7803cbf971ae6f7e9cce8cf9b18fc3353

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
15KB

MD5
b41a336d67055e61d594834d1824a084

SHA1
30d80ec1cc09f0b28761ee8c3fd94b1fd16b6d72

SHA256
3721cb8d9be085270bb491db95b5323f2c04c87d07a11bac9e009bfc9b0c4040

SHA512
a3db5a41524661401ff892b060267224062671258eebfbc6730370506f34aaf7634f220f09c6061bf463c4dd781d464bed9fe7f3ac0f13e7ff2da8ab85e85d0c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
12KB

MD5
8a0c6e9ab99aaec23733b71e815adfb3

SHA1
431b26249f1afc0f5a2a50c286a4de12b8e41639

SHA256
dd1e8a540d876207adc56108f826602e2b95c9be2a8906bac3f57985fec46aae

SHA512
233a47dc199e7bfcc9e712e91d29c0b73b68fc2d50bf510502bc82a2e41a84ca58d1a5015bdd4b11a62d9971999c59c82ca524ebe717069faeea66862849509f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\407962ce3d4220f.customDestinations-ms

Filesize
14KB

MD5
1aa9049c61670e394bbbf13801fe75b8

SHA1
81483405a0bc8323bd03e61a33ad65696465f47f

SHA256
429ed65e5e6d8a0856c943c163c93971a1cdc32934a8ab841f0e623b212a00a8

SHA512
7caaf15b5dcd65cf615c12ab9e9222a3068e67c7fdc3a0f96321265a615a0075e9f41abc77f9e87a0c1b4d4b0a5053d629973e9a2d4656dcb88a9547154d6649

Download Submit
C:\Users\Admin\Desktop\Unconfirmed 283544.crdownload

Filesize
22.5MB

MD5
0ba9bddf58c9d7763f63442efb6e30af

SHA1
a5e8f717ee437118a36cde1e2d26e8dad4169622

SHA256
32fe98a9a77a656afb7dd3c39b6cad1ac5222c2fc9313a8aba6ae8546f244371

SHA512
a5637ad57f8b52ae2523d5443db9bc6255bd05e563b47a3f88903624751d1913b23b52c000cca93436b65876391da797bd25211c27027917864ac394b67c1298

Download Submit
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier

Filesize
58B

MD5
62b357aa482645b14953a52a12ca487e

SHA1
d8aa3e8da9d16b23f3d83867865ac344ebdbbf9b

SHA256
c18642d5ef09f900951c221a0ede462aa6aed43d101f8664be343b1532c33bed

SHA512
0e3a7cf8928b8273907c2469245616f15fee75b8502c4c841620aae32f6252bb42fe24c9cab27cde0081d9f2841bb2d93612022542f510031354ee5ce50ca20a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 776946.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 985632.crdownload

Filesize
1.2MB

MD5
06f058eee50645758a81e8842353f372

SHA1
15e9010bab33f1733ea41b7c45d2da5d74ed721b

SHA256
854d06a90dab54e7b69882925886fb24be711fdc21884e13c77e29048b21a098

SHA512
920d5b6b902a742551dd0003c3feab430c3648a36850ceecc33f5baee365bf3f938420f80695618e1ef604daf3e215112938a57f3a7f6420c286ec430e89d817

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\BraveCrashHandler.exe

Filesize
270KB

MD5
1215366af12337d0c6df30cf1e8d8703

SHA1
c068c7c67c7940a8b54f91878a41d7d563b89b52

SHA256
afc14e01f32986b8fdf70abedf20a4fa4f8617197164eda2486e81960a4c82fd

SHA512
159f94185a34d0f7eda4bcd7a3428a47df7bd380908a3cd2e8f3793740e2be683637279f248c78ba919e2e9eab7f1196ab6e1c3f090e51ff0b84d5e152e613fb

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\BraveCrashHandler64.exe

Filesize
355KB

MD5
57a36d4a82d48dec0b84dbead5af407a

SHA1
09fb2a73be8171a3d0e4fe8202c8b5aa8e0c662e

SHA256
688fc87c2c8659b03a4e356b2e0d60d644b4f91865afde2edd0b431fe3e9ce6d

SHA512
35cce78ec9b0fef3836b543f3737f71403cdf8d4b084f37276dd9eec63dcc958ea2e64197a09dda9bb85c69654b5d9d65992f7509c9ae542786e49867102a0c8

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\BraveCrashHandlerArm64.exe

Filesize
353KB

MD5
e2c7fc3a842c66f204a71680ea65be48

SHA1
9770bd0b297be216651330f5dada585bb9ab7280

SHA256
024e34c8d8ec714e98a82a6df2de2252f2e0028f91b3ccc928f53498179a7ca2

SHA512
5549a1478cd09cd00525d56dd4b162a3d42a1284c9f811037f02c6c0aed6094e6be53f7580b62226cc9eb31b8b5048435e6225ead7de996c4f3480f5852c7089

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdate.exe

Filesize
163KB

MD5
ee743bc7055cd46c5dc436c2e31fbb2f

SHA1
bc2ecc65e2de6095306d752ad8d4005c0abf0a95

SHA256
fb5355f32b99974fcce4eeaf47eb285b7a5eeed743389ef86cd781227885f7de

SHA512
de549940080e22134a462061b05c19b71224f99d88748e161626c15c10b0e6dde73f614d2b73e7c667883669ef073da249066bda7344e8832f2db3f4ca771b53

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdateComRegisterShell64.exe

Filesize
170KB

MD5
0ab8bc5e7781d4d8adf8e9042a092b01

SHA1
55b8f5c9eb6569684d3dcd5a9eaf307c130a9096

SHA256
413516c1b9256ac6091789ab02ee8374720a8e4d3e4ff02f9dccbed707e1d5e3

SHA512
0e2e3c94f7d2c7c7ee7ee8894b97e7d45fec8869ff31a6202b2316a5122570036455b4a6dfb9419c7d21d3dcc90f92bb5297b4e964469ea656b4aec82bc25226

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdateComRegisterShellArm64.exe

Filesize
154KB

MD5
d0ac42d1758fd7d7c358ad2afce07b01

SHA1
6714c0c29fc240f6173baaf61876836bad18ca9e

SHA256
35dff5c835b1e56f004fd744c2e9c66495130bf8de1a35bb216fdd21d012d12d

SHA512
e2f27b1c4463de2046b3dbb8dd0cc489ad591bdb0be2b566e1bb909c6409cb333da3905f3239a45560aaebb3ae0760dd12854b6ea1d48ec43fd2d037bcaa67bd

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\BraveUpdateCore.exe

Filesize
195KB

MD5
bbcf651a95a8ef4de64e68aae60739ca

SHA1
63c219727f867525ce1f3bec122117427ab17e74

SHA256
fc081f3cbae71ad895f77ee661b8eb8d6adb7f7652ef072572f83a21024f3e52

SHA512
e77bda759b5330a4084d1904273af243bf3667058eb71494f29413e0ce05dd2800eca3b6046d577a648c9e4f9c582b0b88e07312b9ef0cbc30b1732f2a371856

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdate.dll

Filesize
1.0MB

MD5
371ca63d32e87dc52fbeb61e32f0b5ad

SHA1
ac6a727a473c6e86a940ffe5b2e159f643f14c8b

SHA256
509d0da97daf68177e9ac67768bdc249069e6c524d016546413df78f96ca5b71

SHA512
3273ba366d91288cfff6dcdac96f320048bb0e9eb6b721b40aa97396e04902d7d9cd3b5374314a7cad06ae1622f6de83189ce0947b6de97771f2651c3cd5f275

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_am.dll

Filesize
42KB

MD5
44f5b5915e90e0ea92230935ffdb387a

SHA1
dc8a855da4ce00d1e7fe6666ec5517f1b9251d46

SHA256
b424c70cde21c207c7a0ce50c528a07916f3a23e729662399005a9c2101a4572

SHA512
802100300f9227aae6e2a68c88bb8ce898f54ffeb5a1291e793fb05e8dd5eefba43cf0d8ce6729e3e2b96b8877703ef96e75ccad4bf7b7104b3c4ad98e9fb520

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
9f4fd820285020cf27e98e887a86b371

SHA1
d02a83746eafea50bfab3f2c376dbc7065901e6a

SHA256
0211e33039e643716dae115bbaa7fe48712ffce05c5cd93e430f0920944dc0a7

SHA512
f2a2e58f59878ef0a0da39f55c49eab2252d1a239a2b528e5f24141c9624ba70c7a0b116b5f7260d7642fb639ea6b02267a86d87d80b7040f01a3f77b2d30df6

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
a1d35e34f46dac72a6d9828fc684342e

SHA1
11e8620b430713d2a060e8b00885406406999ff5

SHA256
ecde99e60a06439b6efe56449b574e4e3c72bd2866435057ea96bd95a37475b2

SHA512
f3e4fca639692c375c6bc5da8add571d0321a96b108ec4b5c8c066fcd66dbc03d13466e1ee2a6999c8a3295d4dbab196e4201676d33baf23c0d7e1910005e086

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
d2f9b8a15531dbc23062d36a32f2785a

SHA1
fb91c68d9169e3395d08a9e0d9206ab9eeb4a9bf

SHA256
745a678f24bc4bb23fee635f7208da54c611c4dbaf3d6ced8ce506e6fcbdfb33

SHA512
71cb4fd02e23f9f5ebc07b78073b33d22ad2d0f63577cb60f38b42af1da451b1738f77edfa2c77696963ffcd09d3eaf07feb69814ac20b43c65bc71b720842b3

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
c6c28c37de5679872165d8081eaae611

SHA1
a6314c35d35abe6da7cc21a0cb3b3ae6cb8cd868

SHA256
b6569295bbb95a2b7ef2a203cb2e6328f57afdb60d2eed7c91b9e0c140492f89

SHA512
d8ebcc4edfbbba20e481e02a1abf8d135c0028abe6afd05b67748175b2683da5a22b31c19251180072e2daebf3b8ad1006d07973432844e97fab7fb141e00bd6

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
5f1801d5a4313f38b0afe77780ff418e

SHA1
9260d0bf49fac341682e26bf333d90a02a9fd383

SHA256
f220083e8127200342cc2a8b441a711f4b08fca1c0bad08f71e65fc755fd5903

SHA512
833bfaa2a1c106492878e36f455dbccb592686168dc9692311423c73b9f09b3ab0df67c4248be529e72fa27bfdb1ebbeb16a3dd5d5ff56fdc29ef0f7c8511101

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_da.dll

Filesize
43KB

MD5
9d31f68f685b47a909056410e13d9b67

SHA1
ab65cf05a95d8bbc3fe4e4dcd4c5e67cd1082e4d

SHA256
81891dbea99c47f2590259ce9b5a3fda7a80b7e9305dda387b2f6447eee7175b

SHA512
aa7ea8c086b59690eb3ac7a2e334aaaf83e0cc1b3adbbac53b2ba04cff67392ac87d175a88ddbf5c7b53f874fda203b5360494bf628b0c563e7953dc11553907

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_de.dll

Filesize
45KB

MD5
c699c7cdf4be1ddd44b093e1f6ccd4ce

SHA1
23976f3f86117d4942e3d4010d8a2944615275c2

SHA256
f8f33f39f47c9bd53ac6497cdb2c7e10b4f5aebf70dbe5c8422162047730c727

SHA512
930a757630dde8659a0d3dbe8c09ddcc2d7c5295809e22e1c071b8a6e83feb9a88c66131c9d889c51636b8daa68c06ebcf32c935626fda2a5ab7630e16309f26

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_el.dll

Filesize
44KB

MD5
638491d6e7411ff991caf3593ba96bca

SHA1
14e6fb5ad4a66800fd56be8d0f2bceaeb765eaa7

SHA256
964614d4e55cc2c61962777e23509aaeafcd3d78939aa148974a4b2fa574487e

SHA512
245de32e72c3701cf58d4260931d4450d4bcb204c72bfc92ffc37a06c00bdb95e9231d86c47da1e2927c8ec4f4ff4fc8a2948a741729a2276f3d3fc7f48250ec

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
1731e2a7c6613805d563ce6dbd7029e2

SHA1
855a96774de85edb2d42ed62f4a930389020d1e2

SHA256
b52ba05b0a6b87b62544b68cba8790c5d823baf93da0fff65696f3def0e02be0

SHA512
9b846e535e86c2e023806235ae78ed4f68a984bf4c3c3d8779232a88dba449ad0484003b2c2563cd89bb9e022c2a3068fab90e4890614bc6f75d4847738028cb

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_en.dll

Filesize
42KB

MD5
1bbccbbbeafa25d677e1accf13fc7e91

SHA1
522cba760d745a78f9d2b1af43431b749ba525dd

SHA256
8dad4dfdddb975321556a1f1b398459dac6d68d6b29ea05e96d280b256cf0109

SHA512
f06b803b293a7a3e4b435a741179ccc64b41818a890a62d75dde459667c58db17b4b3a24529a654a64322777941218885a2b6e7b72e6e334386c1dfc20d0da38

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_es-419.dll

Filesize
43KB

MD5
6320127c77432434e44a89e93e2a5dd7

SHA1
44ed93983ee3fff1cf36b12d46450106429f6174

SHA256
4a02176ad398ba84f2420249e5a6afacb6bad12fcc810394d476d149bf889619

SHA512
a386719934fd85b6b1d7fa5c85e5214b29d5d6daa8853096ae60c41c2f99b87fa4518406d4d6fe942bb04f650aadcf905501dd0e41eb614ab11038a12026a707

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_es.dll

Filesize
45KB

MD5
8ca90163b756e2703eb5f92e520d4ffc

SHA1
1b6b24a5b2cca36c90669add9c0a0104df8aec86

SHA256
ac60eece8c5458a6110eba9fe47f703828da5999408a5e9c9c689365c6e4eef3

SHA512
0a38c7b95b8cfc8d17de80da77af898c395cc709a207787bda6e29681357d4c160ef11fcf80adb08558866872f34a525fd2b737f7d640d8e936cce48da8f4505

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_et.dll

Filesize
42KB

MD5
1ca6f5c39615ef0f16976a34a47d48aa

SHA1
f3983a754f6c8e857829b613d08d726b5a3de59a

SHA256
49821ddc2d2af2d21fb9cd7747c618f6ce9b8fb69e110dac017b4d41ad0bddf9

SHA512
715acb72219bea384115419f822290f145c89dcd35d2d5a14d14890aeb22640866806da9b01f5e6e0778fa982283481325d5d8ffa91933a976fe889c78222c73

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
92e7886205eb3792cbbd3633a183cb12

SHA1
216564647a07115d839c885770d1c360475279a6

SHA256
2b630895ba3b973a2b1264c715b6744c277ff55031aefd4c26dc9d2360a3357a

SHA512
8d1a294fa164265de6621586efba9ee775c2819d662837cb3675c4335a106db74fb8fb1758ae5bfd9c78dc799590656018a20d4448ebf2077cbe2b266f73a776

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
e45b0c0b274f1aa93d559590998c572e

SHA1
10f6e82ba3c00e5435b447bffdf7bf9ce48ba263

SHA256
dc0a8ce05108eff46fa2a5cd629d23693c826dcff45eb86e31c4ce163fa9a465

SHA512
1edf3cd05eb01a9317434218fca95839cfc5147c8d11c69a0d5c9228340e2c558fd3006b8daa821bcea20d54b2c7ecb088225ae14f8b380a4ccb43482e048136

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
56cc233b80def41a589fbd52fb36626f

SHA1
70bf16bd33e95cfb894075c5d5ad30c3f9d39bf8

SHA256
864ceeb444e065766fb0b7f0ba4938e6f56ea6fda8a62c9530657abb7fc2fa78

SHA512
290fd8a5b39c8675d3d41bad0cab7410445a30adef62591d26a5da03723f86486468e3eee95926f0788fbb7959347f0e4c0db76ce7a78a22cac01817b7c44e11

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_fr.dll

Filesize
44KB

MD5
7b2bf17744445d49d1b61fe75d83e14e

SHA1
5402f1f0957f844420483ea3754807c4cb2cde86

SHA256
44d264d2654c059b777bcd7d011024b8104c028556e2dc9cc470a80d5f3a1f9b

SHA512
1b79e79168f9c1af4e736b5996c64f10fc8dc78960ebe9163b34230a11e0c9bdc58a799d963fcf31bcf87fec433e8abe88ba3f0ed01a6ea8e1f132f296bacd5d

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_gu.dll

Filesize
44KB

MD5
d3150bd7fa51c9aba84a2fc43c440983

SHA1
905c95de9153b94c4907230f16def4b214fe0385

SHA256
7adfd3b65531abf14f74b5d72ae29d5baefe44d0d2ea2991f6e4c949da088a67

SHA512
02bc2fc52ab74f0cb46e436570a5c099d5295b587a9952d1aa6f5e28c79b1a19d1245e05229ad5af568875d53ad2700dd97ae9a97d95d7869a4180f63da094d0

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
bcb8e81f1363784b2c47ca4c8643219f

SHA1
9244c30660b017edda9d3387edcfeec25875b3e5

SHA256
545c1d69d3f9b1b512812dea31ad890ba95feb4ca3bbbdb98ce72a801919d116

SHA512
463c77b2daaaa30a0a3260eef19068da3f6e0c2d0099d628f72d12b5e49b69ff93d48bf3fb130bddf415b5941f89d2815afc5d917bb4df39f69adebdbe59bf09

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_hr.dll

Filesize
43KB

MD5
f6c25c1a214bb598f111cf4fa8b3400f

SHA1
315786decee66575abb87c1cb23af2dd46baa0a1

SHA256
a584889f453cfa9e8f9e03aa91187a00b2b1fc47161835bffa1f88423e293c3d

SHA512
f5c1c8f31c9bacfab4c91ec22429f202649012aad200078ceaf207b001cefa452c5ee75b02ff076b980d4cd25fe675447ab09a61b648a640fe6a5fb58a9d0ca3

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_hu.dll

Filesize
43KB

MD5
840e859d33976a45d9aa79b4c5160d33

SHA1
6522f4d21e80b7f83ab920640914dab9ac2dba5a

SHA256
edc63fc935d0de9fafcb06ef7e985009653f3650e3460a6e74272aa518ae3db1

SHA512
8f4c71265d0f01a88960686cceb8489eb2be2683cd6de697d4474553debd4646d9dc23f9bec53a028375f8da9cbba27dccb8b861720865b285e32bcfb0e8828a

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_id.dll

Filesize
42KB

MD5
2bebedf7006e01182b4724cdccdf8209

SHA1
d29e8371a2fd2fb5673ec26bce9a76aec61fcd0b

SHA256
a57a4d3f382f02ef972dcec0b92ff766e8dff63638deba1925e4360a391202ec

SHA512
605cb76437c2cc7868f88e24a09fb61d9ef81e104d1471443806c7cc31500b92d90b8f014d8aecbb85cdbbf2d9d6950e95da1d0f3ff6e6f5b195c54c17df7b1f

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_is.dll

Filesize
42KB

MD5
1501833c6ba1afd0be75f245359aaef3

SHA1
5380a6501658d195008da7fe4934d3f229fce5ff

SHA256
08adde568bc6e0b19da788fa5de81a5817faa7a750c926989e73f1c2be40573d

SHA512
bd0ac891af264c25e264bb7562ce0ed9ed02a6d34488fd684c9cf8a4936482a072d30e1939a5042a4e10b399454804f00d45af24f2c8fbddc01653b0d90236f1

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_it.dll

Filesize
44KB

MD5
a70215145e52353fa80de6604ce5095d

SHA1
26cfcbf62d47c7830f53135f321cf559c9cf403f

SHA256
9f7f4d8a0683c64a3657801cfc399ce390ba1138fd90120f49c601afc9a88cdb

SHA512
27872c2cc2c0fa49146ede7e4061b3ce2322415ff8f9ff5703491c8b64ca0735207a64e520237d8174706e0e915f28862eef71a2f9d804ee02512095f87d4ab1

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_iw.dll

Filesize
40KB

MD5
052f862b897a8e59a203ccaacd5ad09b

SHA1
07734dcf9c61c51389836e04e3b0125d7498b632

SHA256
c1bc29fd83d244a5d20674d90e98d995a255c9dccf90881f028bf35eed8b6276

SHA512
949378b1fa5ec568b99456bd475570565ea8adc01dfa387d3f87808a9c2037b82613120117e0f582bc65eb619ce7d0b2e447148236bd0262bcab5e3d475fd202

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ja.dll

Filesize
39KB

MD5
ee568bafe0eaef79ec54688d04816e42

SHA1
75c46969898fe1326a211c99ba03bdf2f42fa4ae

SHA256
adbdb88fac6f4b7af1c845774e870f356aa7018ccccdd10196b10f18b9b0b2e3

SHA512
2cb1568bbff7d338baeee2f5c82a003aad0e17671857afb956cc7026e19f28a1da1a5b3d3b362f0ea70bb9a1365a07445278f658aa9cab290a9e8b97ef7dbf9e

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_kn.dll

Filesize
44KB

MD5
d876ced6baff678cbdf14031fbde9631

SHA1
fda2dbeca454660ecec9ba1337b0753f89c75549

SHA256
2613a42698211413ad94a5854e4e3fac172abebfebb4eac12a75a042aefa971a

SHA512
1cd48b49ba164491bff2a8e3a2c5a033d4aae30b2722f601f42db7d58284be4630c8bb45f24b505cc066171a9eab7700707d4ae91a5bada2644eb1a4b36798b5

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
2b67991318d781869538f48452bdb153

SHA1
d008b609e56568078cfbff28b6e549f940c6fe96

SHA256
520345af1b837d49bfeea54de3b7957334c998dcdac77083fd5877a494250168

SHA512
1774a4bc5da769cf2f3593feabb1a5561ecb4606916d6f66b097511595a5a0718f839e55e7ec55052451c5d0f9320a3c64c43adac103c3463b3c0ff9d8cbc191

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_lt.dll

Filesize
42KB

MD5
c3b9e9ac6cead1e698c30dbc081b89a6

SHA1
6ac2b98c80decf71f328a65c894365cede7f732c

SHA256
da25075045e7caf14116921758ad7071abd16ca16ad30aeac51424ebe2fc8059

SHA512
e4dc34f339f3a465f46d7f7cb26852e65455016d6fa1319ab4b5d04fc80a67035c87f50bbe4afcffb3b0a4912669b9b0a441325c40d0ce522d2286e794200c41

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_lv.dll

Filesize
43KB

MD5
2e67805ec1c2f327cd75145dfb6c0b4b

SHA1
40464bd191080fba9c7287994f0ad171c9b9d0fa

SHA256
3547e9a1cdb6f0337b704754504068cda39e4075803078e37dafaf474962e71d

SHA512
da12838e1151a0673a043b3eb6a8d9ddf80e62da3fa1b872cd5a0d263bbb228330bb5f29b34c37a8e00f5e28b35cfc5cb3143d3132ea10c060d2bf4bd003831b

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
77247706328fc4cc32b7547b1aaa44a0

SHA1
83816340fa190b967a6a2a34110f822a8732e1d4

SHA256
3c78a482ee4f94bf5a3cfe231ccc7d96bca83f96f621f5f6f167113e651f8aff

SHA512
22347f94e900c16bef181c3cbb9518b1b2dfe27923bb108d4cd39a497d36d5c3d515eee13a027c3398130e9defb389b4d8f0cef9d2bb78932a6f04b849c85913

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
dfda61f8be51a23ea3ceb7bf9c8de9fa

SHA1
72f703928853390656f70426c3537a620274579c

SHA256
67de42666b554a07ba14c5150bbcae7f0af8f4e082ec7e9655e6a0cff0d8e061

SHA512
c5cbbc5d47bad734d8317e87e0a1efc374f8a19656531131e29e5b7c202e810def3c0cd8ccba92bd913986068020a217fdee7b48eba952d2e71ae351f20f0f6e

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_ms.dll

Filesize
42KB

MD5
493a33c40fc499a7209f88aebe5ad0f2

SHA1
ad33ae69c5e62697a19fda48639726e35a93307f

SHA256
7764fd60a1f384380b7e847466690cc5ff4b46b47db86e83f766913e5219a81c

SHA512
6bacb662b1a3ccef53fe2d4731b9c27639fa1194b8cebbdd2f508b2b0f96ff09b0757570f1cb46657121f462bde0e942abb1868f331448b742324d37feb248f0

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
c520f19e972feda764ec523f8bbab805

SHA1
457b874fc7be37be1c46d4733b805e1c0e83bb69

SHA256
e4b5d114adad2794f245a300e8a4f18cfdee78740327adc7257cff1854319f9c

SHA512
74747bf5bc875a65499bbf82d60f174a6cd8af9ebb103c6a5dfadf7a002c9aa9b06a53c27beb683efe38950303543b0b0a5b1919e48ccef5d5f685d17e5c1aa2

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_no.dll

Filesize
43KB

MD5
db94b8ee999225ba3a038477bfcd7547

SHA1
bd2beae660a1cb61eeef93feccce4c22a8cf103e

SHA256
e1e4e4ce58b61260d22b464799dee32127901dfaf9ca3fb452dc1d19208989c8

SHA512
d2a656d1fa36a33583c223f3fcd53238966e7114004cf36264ceb25251a822b9e3bcd298967951292afa8130d6c3190023643a356c3521495d1a9f0af3d8e00c

Download Submit
C:\Windows\SystemTemp\GUMDF35.tmp\goopdateres_pl.dll

Filesize
43KB

MD5
c43936489f35c08b5346a5363570d1a5

SHA1
3a575aa598ef7ab45f5abf246daefe991d722111

SHA256
496a08549921b4785f15a7547dafe15f83cae15bd47cb6fb78d0035165b236da

SHA512
0a345eebaf08aa8573df1556da992830cdcda1071b24541cf331155bfd25cc64d3be020d28f2cd1be6ab5cc0f347f41efc7833e835c05d14dab1e8939444fd0c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1075378636\manifest.json

Filesize
584B

MD5
25b253b4d9d9ee54f5cf3cfc03a53ee2

SHA1
1312657bc647afc32ad202fe6c00ca479f49de1a

SHA256
203e428046ed3c49cb3c05aa83f89e89ff7c342a3b63318f9e315d99cc57f9e4

SHA512
18b2535136a8a7e91ecd2185265129c5e24130a6f2f7118bbd29fd5ea3b74a545ec6a635d73ea6947a68e481b72990a531ff2d66f1a75312e1820d168932d21d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1266004494\manifest.json

Filesize
563B

MD5
0d45b64d2fd53ca883f50b129a692590

SHA1
18cf77d785f43ad87e08d2e4ef47640a359431b2

SHA256
cf2c438df5db4fedd73221c4f740648df37122b86b0a70afec20a4d0149e0274

SHA512
dd311b5a271bcf4a56101c2bba7caa272bc95d24f456753167a1a6d42a402af122d31ff2ff6a4371315a89c2704bf9347ce67fefd41550c701afc058f5a4598f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1294090168\manifest.json

Filesize
73B

MD5
d0d700d97af7329eba4106663e78eef3

SHA1
3edda685dd4c1784f4367145b4bc33c0931a3f52

SHA256
e8d45358e5cf9c0d78c905f62747c374e28c0b3104fe63611f795271d68213f3

SHA512
28c97cf9009557bdaba19edad046bbe1b0dc6b1c826402beddaa19412bf854fef8bd58f9faaa5091bcd43fa55c65bb69cbad9d2b9b222185e6a3cecddfd3650a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1453703937\manifest.json

Filesize
595B

MD5
24cbf42fa8685f11c5ab4269492f095a

SHA1
acf60b533f67bd79a5738ed681d9b0d278fff9d4

SHA256
370e9495fc58cf995e0449c873f507bb5711aab12a69e9021264cf5152673327

SHA512
af1c14d9e9542c7432fab573d3ac906ac549d24e1c7b97a97a9e9992429d86cb07bb1de45a3461dc5a79de7e32247bffd2d1f414db7b46ba39f5765fe5ac5ea5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1464701745\manifest.json

Filesize
108B

MD5
54fe5b510967a920d1ea789be84feda6

SHA1
35c9a6f3ccabee0e1e79248e740d0124a81ae5d5

SHA256
f16740e1d0d02d2921f777589d1d81fa1843af65b3854fb5286e409ce9d27baf

SHA512
f4d1a9ebc785cf9b27612c03347b0a0240412ca460ed078581000544f6ac607f4b46a4b3c34e134242fab37e5959522553c60f42b656d36844f7fc285d09a003

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1474823524\manifest.json

Filesize
111B

MD5
fecba6c3128a97f09a1173779924be7c

SHA1
41645675ff089fc6059bbe1ed4b049502241e7fa

SHA256
7ef57c6645a8d144047d276b5d41b153c4dc63cf3627c32db018ae64b4e6d92b

SHA512
c1193abe0bb4a9359e8e73332475995bd042149f62a67e67d37549993c7130589db809c53657abb7a0f9c518f975f270debeaf7fa70327a81b8bbee233035aad

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1477787948\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1582550834\manifest.json

Filesize
546B

MD5
ccc2d62f051e67b70c72b6719493b273

SHA1
f59b5076716db275b936b69c84cd661a6c42f0b3

SHA256
b01ff84c07c6fbc6bcf265a56f9cb6928d62e19678eef47a5bd81f175179efa7

SHA512
7712a6704965a5daca32b59c2b99336ea69555ff4df03ff3d1fc49189bab66363694e062a943f3e29fce564fd90cb5a51902473184bcf12f0c108354fc6f2623

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1593065803\manifest.json

Filesize
107B

MD5
27236395ce59c88a97e8d0dcff44fc45

SHA1
e55a2afedd85914131073021d5de4b64dbdbcaa8

SHA256
fa0ff36fb3b2a396905448ad1a9d3d0425699424398f9b0fdeadc7c4a961f997

SHA512
cba3e76fe2f3ddd71276a26adfb7aa70843bce3ec761356a6f2f3ddc601ca9158a6601b6933d5a4a7342fb92e4be80fc2c851256e85f816a5c3063f6d69aa77a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1741222899\manifest.json

Filesize
578B

MD5
f5c4f44f2e310c340dad0b533315dbc8

SHA1
046963cfe7fd14dcf450c21141350fa9f8d59e2e

SHA256
81c638729ce6b4b25151e90a88e04144c6b4a63a3d0cfdd69da35ea660f88075

SHA512
7ba6dd0b8c8697c07e24a9e2935bd13cf4c82ea6c76e752da47de67ab59ecb6f7071c5ca393b7faefc8cea1c55e598bc94b7275bf1cbc863f99e6904a8a1feaf

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_1906724043\manifest.json

Filesize
518B

MD5
c8e3ccb468295cf6a83a182d31830ef8

SHA1
640300cccc6d8c8e5173abf2d05536ac70764920

SHA256
148564b2473c982e21f10ee6ba8f89282af4398578169713673e5de969c7e444

SHA512
f9996d1197816fb876cb4a6cc53f4f9054208b6bf22b5484d135c29a9ec6029efa0c168f5135cf6c100644a4acaaf8c98181d266ac434df22156fddd705db6e7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_2048531582\manifest.json

Filesize
95B

MD5
cd3300d7571770b1800f4505eeda0f06

SHA1
3f6a686d85dc53b90c1fd6724ec476fc38a87b1e

SHA256
b4c780a8b36b0a034c4421ab385f5f1dfbc8a86ee876cfa4e14ad65916aa23d6

SHA512
e981b7b5d3ca9ddb5dd9a402a08c7f6fe76a79a908ee8c333dd8a26fe48044e09e88139c2037ba6c1d2cd4ab244c10c8de8706652f927d9e5904fdd6f2b44eec

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_2083893415\manifest.json

Filesize
558B

MD5
f2ea88c3713fadc1cb2f57ffc5f763e5

SHA1
203adbd539223c4ea2c2f0a549dd198d46bda233

SHA256
3ecf70ef4593b2d7ff9955f6f62f656b1a3957b743972f1b615c91ad8b4acd62

SHA512
32b8508cdb2b650abf06c6e1507769cca8cbaa99bc654d6ad528872aa1606bb66773142029f78353798c1ea73a4e2ade7c76582340b85206cda0a3de857dc212

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_609772952\manifest.json

Filesize
564B

MD5
2efa37b5105fbed3014a7be8963dc2ed

SHA1
a03fd940871c3a99836f8f1c3bb2edb5e5a32339

SHA256
9961547296bbc34112d1c852fb61ada201f87230e56848c17af3df54ef8921b2

SHA512
9b0b86e7c110b5d076d67eca5848e1847a8f04de3feb4a4c71e1d00724fad701b0b0cc3f7dba7450ab3392da4ea5e2353ac9f263b81a5a186b694b5a162db69b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_698575311\manifest.json

Filesize
533B

MD5
42009b4dd959e3bc13f18be4df9274fd

SHA1
587ae3aa747b57ee96f44ff231efec1cc594dc97

SHA256
c9e3cf0c31a16a1a4737fd30b166c6da0a74925590c75026af334c224c022f92

SHA512
6a667409d99bfd69b9096fe322eac756e24a96d5a1cff2ff0ef30cbdb66b3355fb00e6914aebbd2fec35107a4e89a5b9981a030e505b8d88cc4a28a6feabc3a8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_710426087\manifest.json

Filesize
555B

MD5
32c91bf9b8f95b4b2330a1b7d8b6c359

SHA1
32589e12e041bbc42fb3a66c489b39ef380fc1fd

SHA256
cf65a918306fa7763350fd8464fd2f3a049468424b6b89b15b15d824f0796df1

SHA512
2f6582a63caf1d18298b6ff9ac65172609c3444d676c5d1988d329e2dfcca5293b6cf2838dd9a6eaa655cbff403989f47fc4811b41e9a2b4c10e7478b92f384a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_717067068\manifest.json

Filesize
76B

MD5
c08a4e8fe2334119d49ca6967c23850f

SHA1
13c566b819d8e087246c80919e938ef2828b5dc4

SHA256
5b01512276c45ecc43d4bfa9a912bdaf7afc26150881f2a0119972bffdbd8ab0

SHA512
506f9f4fa4baaa4096ce10007eb09cfa95c9188082053b9ff7f2dec65164ff57506b6a8fea28d58783700f257c982aef037afc33f62da8da281e67636430dc23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_9782680\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2224_985401962\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
memory/1528-5820-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/1708-4617-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/1708-4613-0x0000000002A50000-0x0000000002AA5000-memory.dmp

Filesize
340KB

Download
memory/5252-2863-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2866-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2860-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2859-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2864-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2861-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2862-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2868-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2865-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5252-2867-0x000001C9E5BE0000-0x000001C9E5BE1000-memory.dmp

Filesize
4KB

Download
memory/5588-3507-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3505-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3506-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3512-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3514-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3516-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3515-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3513-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download
memory/5588-3511-0x000002594ACC0000-0x000002594ACC1000-memory.dmp

Filesize
4KB

Download