Analysis
max time kernel: 197s
max time network: 177s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 21-01-2025 14:42

Behavioral task: behavioral1
Sample: 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Resource: win11-20241007-en

General
Target: 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Size: 755KB
MD5: 11bc606269a161555431bacf37f7c1e4
SHA1: 63c52b0ac68ab7464e2cd777442a5807db9b5383
SHA256: 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed
SHA512: 0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f
SSDEEP: 12288:XVFUEuNmwvGrw9i0aTGRGicBckyyFRtWY1i3FTsvOVV0gz:3UEUUw9RaTNicBrPFRtJ1iVTsC5z

Malware Config
Signatures
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Localized Name = "Brave" | setup.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\IsInstalled = "1" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\Version = "43,0,0,0" | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B} | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\ = "Brave" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\StubPath = "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\132.1.74.48\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | setup.exe
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe | BraveUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe\DisableExceptionChainValidation = "0" | BraveUpdate.exe
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 51 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry 2 TTPs 2 IoCs
System information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | brave.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | brave.exe
-
Drops file in System32 directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier | chrome.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 13 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveBrowserSetup-BRV002.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdateOnDemand.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BraveUpdate.exe
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid | Process
1528 | BraveUpdate.exe
4668 | BraveUpdate.exe
-
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | brave.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | brave.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | brave.exe
-
Modifies data under HKEY_USERS 12 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Ammyy\Admin | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | brave.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin\hr3 = 069d7360d840d05050915570e0bcb8cb323a31609aa8c3c5c58e0477340d03194130fa086c8f03895108d1c07dd3202173039f2e293eec27a560b1743238b16ea65b19892e03733037c9e4 | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133819441881795911" | chrome.exe
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Ammyy | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin\hr = 537d567366087c6658524c1752530980ae835a33b36b | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe
-
Modifies registry class 64 IoCs
-
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe:Zone.Identifier | chrome.exe
File created | C:\Windows\SystemTemp\GUM3B8E.tmp\BraveUpdateSetup.exe\:Zone.Identifier:$DATA | BraveBrowserSetup-BRV002.exe
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 41 IoCs
-
Suspicious use of SendNotifyMessage 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe"C:\Users\Admin\AppData\Local\Temp\1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe"1⤵
- System Location Discovery: System Language Discovery
PID:4432
-
C:\Users\Admin\AppData\Local\Temp\1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe"C:\Users\Admin\AppData\Local\Temp\1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe" -service -lunch1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Users\Admin\AppData\Local\Temp\1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe"C:\Users\Admin\AppData\Local\Temp\1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed.exe"2⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2932
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:112 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec388cc40,0x7ffec388cc4c,0x7ffec388cc582⤵PID:2260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1764 /prefetch:22⤵PID:1224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:32⤵PID:4496
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:82⤵PID:1712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:12⤵PID:32
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:4876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:12⤵PID:2216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:82⤵PID:3844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:82⤵PID:3552
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:82⤵PID:2760
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:82⤵PID:2852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5168,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:82⤵PID:4688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4544,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:82⤵PID:896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5348,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:22⤵PID:2856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5180,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:12⤵PID:2628
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4612,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:82⤵PID:4692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5008,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:82⤵PID:3652
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5620,i,7037247459054678668,15753432512503545969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4328 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:4476
-
-
C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"C:\Users\Admin\Downloads\BraveBrowserSetup-BRV002.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:2852 -
C:\Windows\SystemTemp\GUM3B8E.tmp\BraveUpdate.exeC:\Windows\SystemTemp\GUM3B8E.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2748 -
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4476
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2760 -
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:896
-
-
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2560
-
-
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1404
-
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping <base64 payload>4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1528
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{2AFF7916-0B52-48E0-9AC0-578D65BCB64F}"4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3156
-
-
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:2256
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:3860
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1632 -
C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\brave_installer-x64.exe"C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\brave_installer-x64.exe" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\gui918F.tmp"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1520 -
C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe"C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\CHROME.PACKED.7Z" --do-not-launch-chrome /installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\gui918F.tmp" --brave-referral-code="BRV002"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
PID:4580 -
C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe"C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff777a3e4c8,0x7ff777a3e4d4,0x7ff777a3e4e04⤵
- Executes dropped EXE
PID:1348
-
-
C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe"C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\gui918F.tmp" --create-shortcuts=0 --install-level=14⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5096 -
C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe"C:\Program Files (x86)\BraveSoftware\Update\Install\{939B581E-B8CD-4B94-B6E4-4D55FAC8D31E}\CR_B69A3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff777a3e4c8,0x7ff777a3e4d4,0x7ff777a3e4e05⤵
- Executes dropped EXE
PID:4428
-
-
-
-
-
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping <base64 payload>2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4668
-
-
C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe"C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateOnDemand.exe" -Embedding1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3016 -
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4556 -
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2608 -
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec350fd08,0x7ffec350fd14,0x7ffec350fd204⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1376
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2016,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2012 /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1804
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1928,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2168 /prefetch:114⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4680
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=2552 /prefetch:13 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4056
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3348,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3452 /prefetch:1 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4584
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3460,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3604 /prefetch:1 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2216
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4800,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4888 /prefetch:1 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2148
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5028,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5016 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1632
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3352 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2276
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5380 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5108
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5408,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5544 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2064
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5580,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5700 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3940
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings 4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3320 -
C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff66fa3e4c8,0x7ff66fa3e4d4,0x7ff66fa3e4e0 5⤵
- Executes dropped EXE
PID:3360
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\BraveSoftware\Brave-Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0 5⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
PID:5508 -
C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=132.1.74.48 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff66fa3e4c8,0x7ff66fa3e4d4,0x7ff66fa3e4e0 6⤵
- Executes dropped EXE
PID:5528
-
-
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5732,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5864 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3348
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6004,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6056 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3132
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4240,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3828 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5808
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4876,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=4828 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5992
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6048,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5392 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6080
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5264 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6092
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5292,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6496 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6112
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3428,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6092 /prefetch:14 4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3312
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6632,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6524 /prefetch:14 4⤵
- Executes dropped EXE
PID:5876
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6376,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6476 /prefetch:1 4⤵
- Executes dropped EXE
PID:5108
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6556,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=6604 /prefetch:1 4⤵
- Executes dropped EXE
PID:2072
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4908,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5000 /prefetch:1 4⤵
- Executes dropped EXE
PID:5872
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3668,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3676 /prefetch:1 4⤵
- Executes dropped EXE
PID:5412
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4584,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=5136 /prefetch:1 4⤵
- Executes dropped EXE
PID:2276
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=17352821239442374755 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6704,i,1019060713728899629,8116125325605026187,262144 --variations-seed-version=main@daf6d93489f2bc0f91a87af4d587d81c595652fd --mojo-platform-channel-handle=3596 /prefetch:1 4⤵
- Executes dropped EXE
PID:2956
-
-
-
-
C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe
"C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.48\elevation_service.exe" 1⤵
- Executes dropped EXE
PID:2696
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 1
Active Setup 1
Event Triggered Execution 2
Component Object Model Hijacking 1
Image File Execution Options Injection 1
Privilege Escalation
Boot or Logon Autostart Execution 1
Active Setup 1
Event Triggered Execution 2
Component Object Model Hijacking 1
Image File Execution Options Injection 1
Defense Evasion
Modify Registry 1
Subvert Trust Controls 1
SIP and Trust Provider Hijacking 1
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1
Downloads
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\CertificateRevocation\9503\crl-set
Filesize 607KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\072e1cbc-213f-4abd-a935-bb1fc80c7a49.tmp
Filesize 7KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\23018978-49f1-424b-bd77-7f32108f317e.tmp
Filesize 165KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\3efc10de-7859-48f8-b579-8418d6fd116b.tmp
Filesize 1B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\000001.dbtmp
Filesize 16B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\BraveWallet\Brave Wallet Storage\MANIFEST-000001
Filesize 41B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000043
Filesize 47KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 5KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 48B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State
Filesize 4KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Network Persistent State~RFe59fe9a.TMP
Filesize 59B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
Filesize 1KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity
Filesize 858B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\TransportSecurity~RFe59c634.TMP
Filesize 356B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences~RFe593483.TMP
Filesize 2KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\FileTypePolicies\67\download_file_types.pb
Filesize 7KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei\1.0.290\list.txt
Filesize 151KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1035\1\clean-urls-permissions.json
Filesize 268B
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1035\1\clean-urls.json
Filesize 18KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1035\1\debounce.json
Filesize 11KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1035\1\https-upgrade-exceptions-list.txt
Filesize 86KB
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal\1.0.1035\1\webcompat-exceptions.json
Filesize6KB
MD554b1343eed0640cc4b415bd1ef50dba1
SHA1df0a9d4bc264e7c9325a9d082ddb3ff8dea528ba
SHA2569344abffe1529919decfc08c1f171600319625ef7ec9a6d63dfac4927d6246b4
SHA512c7689d95879d890425e95322613167cb6be9c04f207e847fa3f6da4c752413325968a667fd3044d8cf08a74537a1affaffd02dfa33397079bdc603768f757e92
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel\1.0.15\photo.json
Filesize6KB
MD5a7e80c8cc5121a2febc654140e53ac32
SHA1c3b1b578dcbf91aa19e65d0ef6974c165723828e
SHA256a2595174656b59176071c0b79b404efa7246a9242c2bd19545155194c6b8cf99
SHA512d7ef1e8df49956bc212388ef7a5343b9836e825c4ff066aa65bf0f3a136ecee4b63ff807dd63eb33e6e812e470d644eccaf3a7f61a816e441ffc44a982690577
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb\1.0.10786\list.txt
Filesize54KB
MD5c66725d253f4ef2488c04b52dfc0ad38
SHA1b4afa089752a9e5b0b163f2241a6f8eb549dea2d
SHA2565ccd1301417943fe52a0fa6119837131a1db34b0bd18ce6c631b3522de9c1bc6
SHA5123ee4b4891a25e346484acd67393a0a8f7f38a9601f102d40806e1f1b246ac4110bb0ea3258150ce1a51146b7797b00ac6a5e0cb0e236de7adf271eae5d53ca6d
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe\1.0.12023\list.txt
Filesize1.3MB
MD51efd13037cdccddf686ac65534c7a5bc
SHA10cbf8b482607aa87806811b983e572cac7e6411e
SHA256d4b1fea07e60b014b09e1c8c5786306200dd75917be2fc21b281a081c803d7e8
SHA512755efd9e8eca870bb378c45ae51c9142ee6144a7464d56b0473b9744806bcbf4730e074b4891a387f9ca7ec69241874d06b2dc4b9cfe22867f83eb7adea92095
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\adcocjohghhfpidemphmcmlmhnfgikei_be8af71b9ca03b332d95897e6517ee1dac14c2c3ec88732fe9d5807759fb6ee4
Filesize51KB
MD5c3417bff3e6f2c693d52d930d9b4900b
SHA1144ed430e0251a1e014360144515734d4f9c669e
SHA256be8af71b9ca03b332d95897e6517ee1dac14c2c3ec88732fe9d5807759fb6ee4
SHA5124c8090f2bf57fcea3ca30d8069e79c1432f13ed427b855192bec28fae2097f6769cdc3b1927f7b4f7a722aa5291502b47c461adbe6010ac4d7945b389abc4ce3
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\afalakplffnnnlkncjhbmahjfjhmlkal_cac986fa7b7a66663fa3d62fc67aec178ca1985cb84e3658ef7b2792570d5e18
Filesize71KB
MD5910c4438eeaf99b96eaa1f462588c3d2
SHA173fc876eca429b109b73e9c78206f2d16a194557
SHA256cac986fa7b7a66663fa3d62fc67aec178ca1985cb84e3658ef7b2792570d5e18
SHA512daa9734065db5f8dfa85e7af84103dfca7552facc63d1cf3b67066d85f7ab82ad32dc945639956004a4c1e453dfae67621098bc3b6c16149ad7a7e9378a87b68
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\aoojcmojmmcbpfgoecoadbdpnagfchel_9f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a
Filesize12.1MB
MD589c01a540e21a6012c4292eac6100dbb
SHA12bf600a9d372f38d37c64a9df5cb26d5cb046cf9
SHA2569f86d8efba865ca6f98389b7c55e368191b7954cd10b872da84de0b5382a247a
SHA512abd83f91b97c9c9bba4cb82501a6d316ef07173e4916e87a13f888ad32947b424d18bd6186a36245b2bd9f6c6cd29ccaaaf2445b3e5754c30ea53f1ab6016f25
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\bfpgedeaaibpoidldhjcknekahbikncb_5db05f0d30835af56d9049e81833d7252b488ecad0b0b27994beb61e49e42beb
Filesize18KB
MD5af70d3ba6459342fa3fc5a18cdf12519
SHA1285fd77560a7b5ad200aee5c9fba9c9ef37ffae1
SHA2565db05f0d30835af56d9049e81833d7252b488ecad0b0b27994beb61e49e42beb
SHA5120bb60dcd1ff9d024aca70274297bc89e09f2307ff2dd994eb6295d9567d291a877e8d6e34955aa32cfcdcae269f5d6ecd8aa1fdddb130f2aeb0c06ed4153f9ec
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\cdbbhgbmjhfnhnmgeddbliobbofkgdhe_ac2b0df3eb826c0d97d8a9dca2861af10c9390dd5aad7ef36b9e7dae930d9f9d
Filesize408KB
MD5f36da6b53659b55f2f342e8512366fc9
SHA15c5e36292228520bbbeba5d90f1aa3507e9231f1
SHA256ac2b0df3eb826c0d97d8a9dca2861af10c9390dd5aad7ef36b9e7dae930d9f9d
SHA5129d0161c5e6e6edf95ba1a50866042210199997a66c3210005327cd4a61c38c0c84493a46bf5675b3f888d9d0822f541faf366762f38ea88ab3362324fe9e1c72
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gccbbckogglekeggclmmekihdgdpdgoe_fe5d60991ad698bcd976d1040db1a072d8ba9ff96fb10a07db5dc5d0baf044bb
Filesize1.3MB
MD5a609b195dc4e7f5b734d306f3dbcad8c
SHA1a413330b34b4840407a467599437cd894ccd134a
SHA256fe5d60991ad698bcd976d1040db1a072d8ba9ff96fb10a07db5dc5d0baf044bb
SHA51241b0eb59790ac260069569079d3f0f0d807d938825c0a78e93b150b435715937c48004c75a73cc5b2f189a722a9533d5eb947dc6a832307f7a470fcaccd60ef6
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\gkboaolpopklhgplhaaiboijnklogmbc_9b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f
Filesize76KB
MD534f31f85a6b2a69a074939e4e231a047
SHA197f6d1a966baa94e686aef7fece23bbf099fb8c6
SHA2569b0a6f79321f3960467e7d3e3b3e9817d3ef281c405da30852606bc8c9cc588f
SHA51220f4d9efe5450e1f02608d382c97bd4269298c87763a4abcf63a5fe0ba62dd0c391824964084cc011ed6cd7db99c19c9b6411b04d42539081f3737dc78a2f2ed
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\heplpbhjcbmiibdlchlanmdenffpiibo_69d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f
Filesize4KB
MD53a03f3ab4119a23fa6b70a32a6fcd4b0
SHA15d047a5da7c7f388416aa50b5fba745bf5f36eb8
SHA25669d8f36372ec6edbfc4bdd957f954cc2aa97c9dc8c7992c1575b072632f3157f
SHA5128caa4e94e831b25226e956a8ee87c5b369547081df863ee34e7f80d686259eb9b7bf75757043ecc5b0eda3a603198da060f9b6f30be755350ab912fdc7681819
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\hfnkpimlhhgieaddgfemjhofmfblmnib_1.c9b5ce784b502262797c24098ef63ace80c7e7b997245785842fc0ca708fea0f
Filesize578KB
MD54965e441702c7675433bbb9bc41484d6
SHA176b4f13c24c7ff1b1e923378cd2e00ab16efdf5b
SHA256c9b5ce784b502262797c24098ef63ace80c7e7b997245785842fc0ca708fea0f
SHA5129e25cd82752adc2650f70715c0a8e422efe9f273b26a43e2811de20792a626141df1d9aca3af6255da490dd4c758add13618d15cd531fb5b61cdfb8382dcf03d
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iblokdlgekdjophgeonmanpnjihcjkjj_44fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72
Filesize17KB
MD5a1b36d762732f9439efa78708a40dafb
SHA16533b78ae795077fa711c67347eabdc88b5a6c6b
SHA25644fdfde835126a128fd9f020a2d7c388491ab5d251a107e4e10b6f24b63e7d72
SHA5128dbfd514f87e7b929ab9d2b61f99939b3cf687947dff980ce3378b56127785acacde7b8fb4ff034e2a31f8cec1901605c6216b6846f5d2a199a245bf6144e05d
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\iodkpdagapdfkphljnddpjlldadblomo_7d98290db967d0a94915b846a794acc2307db5655bd762341767a6b5ba12db88
Filesize1.6MB
MD59356f41f58600de4c868ced3ee58e5ae
SHA10a26c553e993c7e1f25592690bdd40bb8364cc3e
SHA2567d98290db967d0a94915b846a794acc2307db5655bd762341767a6b5ba12db88
SHA512fb1b5901c4896dc176ee3a6858966ebccfe682ee924e58fb6bcd03bc1aa993216b8d7de3543fb3b569e5bf086f1191fc67c552a98a7219943d68b6e77ccb1eb1
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\khaoiebndkojlmppeemjhbpbandiljpe_1.44c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319
Filesize5KB
MD593e97a6ae8c0cc4acaa5f960c7918511
SHA15d61c08dde1db8a4b27e113344edc17b2f89c415
SHA25644c97a8527ef50cab95a16c5e78cd321cbdf315726823afe7e0482af9eb18319
SHA512e61727a277d971467e850456fbc259dad77a331873e53e3e905605cd19b01c2dc46df7400ce8442e39cfac5ac3fbcd833ec7310c7ab1c3380d900dd676ed1679
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\component_crx_cache\mfddibmblmbccpadfndgakiopmmhebop_bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3
Filesize179KB
MD562af22ce07e0375e66db401f83384d5d
SHA1468b255ebdfc24ff83db791823bca7e78b09f3b1
SHA256bdf60991017fe5e955ab0be306333b5427fac3db247bad1f24709d4c9c4b6ef3
SHA51254dd31001427a97665dad169b0d5f32fdb79a89eac7fa23a164bf78095be2d2e5f9195eb9ffedc2d1998f839781e32515baeae482ec74d8409b0d58fe53993e1
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe\1.0.1857\photo.json
Filesize6KB
MD5b4221a629bfb84f51c8b3cf8d6d20c35
SHA1dfc0e72a932c33bc6af11c8ebc95b5d638cfff9e
SHA256abd945d906883ccc4a598c531bd4b0bb8d365e102eb377a18c1618a4b82ab94a
SHA5124dbc84f5bbe523c19dc29fe65614aa9dfaac0b7e06ee242488d64250d7aa8702f8c277b47a41c410b9ef728b5a16dbfa845378d69176cfc96f706a8c9a181882
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc\1.0.69\list_catalog.json
Filesize76KB
MD5d1d6a9d9cc2ada3f3bad8b0da607f4eb
SHA11d286de6436a8a28584744f022af73077ed64601
SHA256f1a889c0f11e2642c299774f601b72b5cc51e86bb1fa7514cfa9f4fa1a9538ad
SHA5124c43a10995b91d2791a8274813f005feab48d83078fb8b51f026266ff524ffbc53c41d507d801101a9a7f765453ab4b08398f4e743b6beb08036b72e40b82934
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo\1.0.11\mapping-table.json
Filesize4KB
MD557ff689022f2d93d2287ac3b48daec73
SHA1937b7dc21193a27607340af7fb7b987b8ea50582
SHA2564665c8cb39b1fd0131b72097484bd3a8309992821a21de9ee0420434cc3f7d5c
SHA5121b81c2c9df45875c2f563b99bb2d29972408e3d449fb2e8793822dc0cf85c41cb48eb92510f4940343ae4826ec9bb4b98093d64f53de635ccf75b5307b92ca87
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj\1.0.106\resources.json
Filesize269B
MD520effecf10eeb0456cc6f537c802f172
SHA18fb3968af27ad30c639f45a6fcee99b48ef79878
SHA256044502a67e39049b4cfe2b80295ad396fff4d1a28e7f2a1200abf21061aace8d
SHA5126a002b205519c0fc498c139d1efcab2f26bc03f3fa795a5bee9b3358c9796088bb6419e2b95afdbb84c5ea36a328dfab01b33c148c84dd8e3b9d21fa07fb6dce
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo\1.0.10214\list.txt
Filesize5.6MB
MD563d16f7e49b27b2a6f737d36ed2b6c84
SHA10d3ea4833744a4f920abdc991d81ed5c2c745f1f
SHA25690a84f6131faa27d5cc916ad133c6fb0c6c9b4d95fc6b3a9ddff5870234c6976
SHA512a2fffdab60ea59eb261a6273c712cd01c169b28f33912d4d45786126ebadb453b59f678a5d3e83133d5e53247296b8547973521667a67e4714f248fc40b59730
-
C:\Users\Admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop\1.0.104\resources.json
Filesize1.2MB
MD5f7e232619fcd50a55c3df6ffbab0245f
SHA1f26eff68192fa88acc08ed97979c258f8f534a33
SHA256f4e1a4ce5d42af762210fc9218115a1048d3564ffbc987b4c47f1d9321dd35e7
SHA512bbe0d62000740c6958e8630af812bc388011a225785e3f8b3b7ccdf2e033a42d63db566df030244ac22884d005f5f2048b4a506ae64a8e7062395b8bf08430f4
-